Update the example pravega custom resource file (#597)

* Update the example pravega custom resource file Signed-off-by: Nishant Gupta <[email protected]> * Addressing review comments Signed-off-by: Nishant Gupta <[email protected]> * Remove the duplicate values Signed-off-by: Nishant Gupta <[email protected]>
pravega · Nov 30, 2021 · e7af6d1 · e7af6d1
1 parent 6a41b11
commit e7af6d1
Show file tree

Hide file tree

Showing 6 changed files with 254 additions and 173 deletions.
diff --git a/deploy/crds/cr.yaml b/deploy/crds/cr.yaml
diff --git a/deploy/crds/pravega-cr.yaml b/deploy/crds/pravega-cr.yaml
@@ -0,0 +1,247 @@
+apiVersion: "pravega.pravega.io/v1beta1"
+kind: "PravegaCluster"
+metadata:
+  name: "pravega"
+  labels:
+    app.kubernetes.io/name: "pravega-cluster"
+spec:
+  version: 0.10.0
+  zookeeperUri: zookeeper-client:2181
+  bookkeeperUri: bookkeeper-bookie-headless:3181
+
+  # Client can communicate with Pravega in a more secure way using TLS.
+  # To enable this feature, you will first need to create secrets for Controller and Segment Store so as to make the relevant, 
+  # sensible files available to the backend pods.
+  # See https://github.com/pravega/pravega-operator/blob/master/doc/tls.md
+
+  # tls:
+  #   static:
+  #     controllerSecret: "controller-pki"
+  #     segmentStoreSecret: "segmentstore-pki"
+
+
+  # Pravega supports pluggable authentication and authorization
+  # See https://github.com/pravega/pravega-operator/blob/master/doc/auth.md
+
+  authentication:
+    enabled: false
+    # ## passwordAuthSecret is ignored if authentication is disabled
+    # passwordAuthSecret:
+    #  ##segmentStoreToken is ignored if authentication is disabled
+    # segmentStoreTokenSecret:
+    #  ##controllerTokenSecret is ignored if authentication is disabled
+    # controllerTokenSecret:
+
+  # By default, a Pravega cluster uses ClusterIP services which are only accessible
+  # from within Kubernetes. However, when creating the Pravega cluster resource, you can opt to enable external access
+  # See https://github.com/pravega/pravega-operator/blob/master/doc/external-access.md
+
+  # externalAccess:
+  #   enabled:
+  #   type:
+  #   domainName:
+
+  pravega:
+    image:
+      repository: pravega/pravega
+      pullPolicy: IfNotPresent
+    controllerReplicas: 1
+    # maxUnavailableControllerReplicas:
+    # controllerSvcNameSuffix:
+    # controllerSecurityContext:
+    # controllerPodAffinity:
+    # controllerExtServiceType:
+    # controllerSvcAnnotations:
+    controllerjvmOptions: ["-Xms512m", "-XX:+ExitOnOutOfMemoryError", "-XX:+CrashOnOutOfMemoryError", "-XX:+HeapDumpOnOutOfMemoryError", "-XX:HeapDumpPath=/tmp/dumpfile/heap", "-XX:MaxRAMPercentage=50.0", "-XX:+UseContainerSupport", "-XX:+PrintExtendedThreadInfo"]
+
+    # controllerPodLabels:
+    # controllerPodAnnotations:
+    # controllerInitContainers:
+
+    # controllerProbes:
+    #   readinessProbe:
+    #     initialDelaySeconds: 20
+    #     periodSeconds: 10
+    #     failureThreshold: 3
+    #     successThreshold: 3
+    #     timeoutSeconds: 60
+    #   livenessProbe:
+    #     initialDelaySeconds: 60
+    #     periodSeconds: 15
+    #     failureThreshold: 4
+    #     successThreshold: 1
+    #     timeoutSeconds: 5
+
+    controllerResources:
+      requests:
+        memory: "1Gi"
+        cpu: "500m"
+      limits:
+        memory: "2Gi"
+        cpu: "1000m"
+
+    segmentStoreReplicas: 3
+    # maxUnavailableSegmentStoreReplicas:
+    # segmentStoreEnvVars:
+    # segmentStoreSecurityContext:
+    # segmentStorePodAffinity:
+    # segmentStoreExtServiceType:
+    # segmentStoreSvcAnnotations:
+    # segmentStoreLoadBalancerIP:
+    # segmentStoreExternalTrafficPolicy:
+
+    # segmentStoreSecret:
+    #   secret:
+    #   mountPath:
+    segmentStoreResources:
+      requests:
+        memory: "4Gi"
+        cpu: "1000m"
+      limits:
+        memory: "4Gi"
+        cpu: "2000m"
+
+    segmentStoreJVMOptions: ["-Xms1g", "-Xmx1g", "-XX:MaxDirectMemorySize=2560m", "-XX:+ExitOnOutOfMemoryError", "-XX:+CrashOnOutOfMemoryError", "-XX:+HeapDumpOnOutOfMemoryError", "-XX:HeapDumpPath=/tmp/dumpfile/heap", "-XX:MaxRAMPercentage=50.0", "-XX:+UseContainerSupport", "-XX:+PrintExtendedThreadInfo"]
+
+    # segmentStorePodLabels:
+    # segmentStorePodAnnotations:
+    # segmentStoreStsNameSuffix:
+    # segmentStoreHeadlessSvcNameSuffix:
+    # segmentStoreInitContainers:
+
+    # segmentStoreProbes:
+    #   readinessProbe:
+    #     initialDelaySeconds: 10
+    #     periodSeconds: 10
+    #     failureThreshold: 30
+    #     successThreshold: 1
+    #     timeoutSeconds: 5
+    #   livenessProbe:
+    #     initialDelaySeconds: 300
+    #     periodSeconds: 15
+    #     failureThreshold: 4
+    #     successThreshold: 1
+    #     timeoutSeconds: 5
+
+    # To enable auth handlers in Pravega controller, refer https://github.com/pravega/pravega-operator/blob/master/doc/auth-handlers.md
+
+    # authImplementations:
+    #   mountPath:
+    #   authHandlers:
+    #   - image:
+    #     source:
+
+    # Pravega supports passing influxdb credentials as secret.
+    # It is the recommended approach rather than passing username/password as part of Pravega options.
+    # See https://github.com/pravega/pravega-operator/blob/master/doc/influxdb-auth.md
+
+    # influxDBSecret:
+    #   secret:
+    #   mountPath:
+
+    # DebugLogging indicates whether or not debug level logging is enabled.
+    # Defaults to false
+    debugLogging: false
+
+    longtermStorage:
+      filesystem:
+        persistentVolumeClaim:
+          claimName: pravega-tier2
+
+      # ecs:
+      #   configUri: http://10.247.10.52:9020?namespace=pravega
+      #   bucket: "shared"
+      #   prefix: "example"
+      #   credentials: ecs-credentials
+
+      # hdfs:
+      #   uri: hdfs://10.240.10.52:8020/
+      #   root: /example
+      #   replicationFactor: 3
+
+      # custom:
+      #   options:
+      #     pravegaservice.storage.layout: "CHUNKED_STORAGE"
+      #     pravegaservice.storage.impl.name: "S3"
+      #     s3.bucket: "aws-sdk-test"
+      #     s3.prefix: "10-11-1"
+      #     s3.connect.config.uri.override: "false"
+      #     s3.connect.config.uri: <uri>
+      #     s3.connect.config.access.key: <access key>
+      #     s3.connect.config.secret.key: <secret key>
+      #   env:
+      #     TIER2_STORAGE: "S3"
+      #     AWS_ACCESS_KEY_ID: "key"
+      #     AWS_SECRET_ACCESS_KEY: "secret"
+
+    # See https://github.com/pravega/pravega/blob/3f5b65084ae17e74c8ef8e6a40e78e61fa98737b/config/config.properties
+    # for available configuration properties
+    options:
+      bookkeeper.ensemble.size: "3"
+      bookkeeper.write.quorum.size: "3"
+      bookkeeper.ack.quorum.size: "3"
+      bookkeeper.write.timeout.milliseconds: "60000"
+      bookkeeper.write.outstanding.bytes.max: "33554432"
+      pravegaservice.cache.size.max: "1610612736"
+      pravegaservice.cache.time.seconds.max: "600"
+      pravegaservice.service.listener.port: "12345"
+      hdfs.block.size: "67108864"
+      writer.flush.threshold.bytes: "67108864"
+      writer.flush.size.bytes.max: "67108864"
+      pravegaservice.container.count: "8"
+      controller.container.count: "8"
+      controller.retention.bucket.count: "4"
+      controller.service.asyncTaskPool.size: "20"
+      controller.retention.thread.count: "4"
+      log.level: "INFO"
+      # emptyDirVolumeMounts: "heap-dump=/tmp/dumpfile/heap,logs=/opt/pravega/logs"
+      # hostPathVolumeMounts: "foo=/tmp/foo,bar=/tmp/bar"
+      # configMapVolumeMounts: "prvg-logback:logback.xml=/opt/pravega/conf/logback.xml"
+
+      ## The following parameters are only useful if you are going to deploy metrics in this cluster.
+
+      # metrics.dynamicCache.size: "100000"
+      # metrics.statistics.enable: "true"
+      # metrics.statsD.reporter.enable: "false"
+      # metrics.statsD.connect.host: "telegraph.default"
+      # metrics.statsD.connect.port: "8125"
+      # metrics.influxDB.reporter.enable: "true"
+      # metrics.output.frequency.seconds: "10"
+      # metrics.influxDB.connect.uri: "http://INFLUXDB-IP:8086"
+      # controller.metrics.dynamicCache.size: "100000"
+      # controller.metrics.statistics.enable: "true"
+      # controller.metrics.statsD.reporter.enable: "false"
+      # controller.metrics.statsD.connect.host: "telegraph.default"
+      # controller.metrics.statsD.connect.port: "8125"
+      # controller.metrics.influxDB.reporter.enable: "true"
+      # controller.metrics.output.frequency.seconds: "10"
+      # controller.metrics.influxDB.connect.uri: "http://INFLUXDB-IP:8086"
+      # hostPathVolumeMounts: "foo=/tmp/foo,bar=/tmp/bar"
+
+      # Security configurations for Pravega
+      # See https://github.com/pravega/pravega/blob/master/documentation/src/docs/security/pravega-security-configurations.md
+
+      # Once the secrets names for controller and segment store is passed in the `tls` block,
+      # TLS configuration parameters can be passed as options shown below.
+      # controller.security.tls.enable: "true"
+      # controller.security.tls.server.certificate.location: "/etc/secret-volume/controller01.pem"
+      # controller.security.tls.server.privateKey.location: "/etc/secret-volume/controller01.key.pem"
+      # controller.security.tls.server.keyStore.location: "/etc/secret-volume/controller01.jks"
+      # controller.security.tls.server.keyStore.pwd.location: "/etc/secret-volume/password"
+      # pravegaservice.security.tls.enable: "true"
+      # pravegaservice.security.tls.server.certificate.location: "/etc/secret-volume/segmentStore01.pem"
+      # pravegaservice.security.tls.server.privateKey.location: "/etc/secret-volume/segmentStore01.key.pem"
+
+      # NOTE: The mount dir for tls secrets is /etc/secret-volume
+
+      # Once the secret names for controller and segment store is passed in the `authentication` block,
+      # Auth Configuration parameters can be passed as options shown below.
+      # controller.security.auth.enable: "true"
+      # controller.security.pwdAuthHandler.accountsDb.location: "/etc/auth-passwd-volume/userdata.txt"
+      # controller.security.auth.delegationToken.signingKey.basis: "secret"
+      # autoScale.controller.connect.security.auth.enable: "true"
+      # autoScale.security.auth.token.signingKey.basis: "secret"
+      # pravega.client.auth.token: "YWRtaW46MTExMV9hYWFh"
+      # pravega.client.auth.method: "Basic"
+
+      # NOTE: The mount dir for auth secrets is /etc/auth-passwd-volume.
diff --git a/doc/longtermstorage.md b/doc/longtermstorage.md
@@ -13,7 +13,7 @@ The following LongTermStorage storage providers are supported:
 The following example uses an NFS volume provisioned by the [NFS Server Provisioner](https://github.com/kubernetes/charts/tree/master/stable/nfs-server-provisioner) helm chart to provide LongTermStorage storage.
 
 ```
-$ helm repo add stable https://kubernetes-charts.storage.googleapis.com
+$ helm repo add stable https://charts.helm.sh/stable
 $ helm repo update
 $ helm install stable/nfs-server-provisioner --generate-name
 ```

diff --git a/doc/manual-installation.md b/doc/manual-installation.md
@@ -31,6 +31,7 @@ Create the operator role, role binding and service account.
 $ kubectl create -f deploy/role.yaml
 $ kubectl create -f deploy/role_binding.yaml
 $ kubectl create -f deploy/service_account.yaml
+$ kubectl create -f deploy/version_map.yaml
 ```
 Install the operator.
 ```
@@ -62,53 +63,18 @@ In this example we are going to use a `pravega-tier2` PVC using [NFS as the stor
 
 ### Install the Pravega cluster manually
 
-Once the operator is installed, you can use the following YAML template to install a small development Pravega Cluster (1 Controller, 3 Segment Stores). Create a `pravega.yaml` file with the following content.
+Deploying the Pravega cluster.
 
-```yaml
-apiVersion: "pravega.pravega.io/v1beta1"
-kind: "PravegaCluster"
-metadata:
-  name: "pravega"
-spec:
-  version: 0.7.0
-  zookeeperUri: [ZOOKEEPER_SVC]:2181
-  bookkeeperUri: [BOOKKEEPER_SVC]:3181"
-  pravega:
-    controllerReplicas: 1
-    segmentStoreReplicas: 3
-    cacheVolumeClaimTemplate:
-      accessModes: [ "ReadWriteOnce" ]
-      storageClassName: "standard"
-      resources:
-        requests:
-          storage: 20Gi
-    image:
-      repository: pravega/pravega
-    longtermStorage:
-      filesystem:
-        persistentVolumeClaim:
-          claimName: pravega-tier2
 ```
-
-where:
-
-- `[ZOOKEEPER_SVC]` is the name of client service of your Zookeeper deployment.
-- `[BOOKKEEPER_SVC]` is the name of the headless service of your Bookkeeper deployment.
-
-Check out other sample CR files in the [example](https://github.com/pravega/pravega-operator/tree/master/example) directory.
-
-Deploy the Pravega cluster.
-
-```
-$ kubectl create -f pravega.yaml
+$ kubectl create -f deploy/crds/pravega-cr.yaml
 ```
 
 Verify that the cluster instances and its components are being created.
 
 ```
 $ kubectl get PravegaCluster
-NAME      VERSION   DESIRED MEMBERS   READY MEMBERS   AGE
-pravega   0.7.0     4                 0               25s
+NAME      VERSION   DESIRED VERSION   DESIRED MEMBERS   READY MEMBERS   AGE
+pravega   0.10.0    0.10.0            4                 0               58s
 ```
 
 **Note:** If we are installing pravega version 0.9.0 or above using operator version 0.5.1 or below, add the below JVM options for controller and segmentstore in addition to the current JVM options.
@@ -121,7 +87,7 @@ controllerjvmOptions: ["-XX:+UseContainerSupport","-XX:+IgnoreUnrecognizedVMOpti
 ### Uninstall the Pravega cluster manually
 
 ```
-$ kubectl delete -f pravega.yaml
+$ kubectl delete -f deploy/crds/pravega-cr.yaml
 $ kubectl delete pvc pravega-tier2
 ```