From 2b1c97b55e9dd8c0ba597494f6f525c2659f39c3 Mon Sep 17 00:00:00 2001 From: Yasmina Menendez Date: Fri, 17 Jan 2025 13:47:26 +0100 Subject: [PATCH 1/4] Modify services to allow to configure ipFamilies and ipFamilyPolicy --- bitnami/kafka/templates/broker/svc-external-access.yaml | 7 +++++++ bitnami/kafka/templates/broker/svc-headless.yaml | 7 +++++++ .../templates/controller-eligible/svc-external-access.yaml | 7 +++++++ .../kafka/templates/controller-eligible/svc-headless.yaml | 7 +++++++ bitnami/kafka/templates/metrics/jmx-svc.yaml | 7 +++++++ bitnami/kafka/templates/svc.yaml | 7 +++++++ 6 files changed, 42 insertions(+) diff --git a/bitnami/kafka/templates/broker/svc-external-access.yaml b/bitnami/kafka/templates/broker/svc-external-access.yaml index 3630430f5b97f0..6b76bcf1097f1a 100644 --- a/bitnami/kafka/templates/broker/svc-external-access.yaml +++ b/bitnami/kafka/templates/broker/svc-external-access.yaml @@ -63,6 +63,13 @@ spec: app.kubernetes.io/part-of: kafka app.kubernetes.io/component: broker statefulset.kubernetes.io/pod-name: {{ $targetPod }} + ipFamilyPolicy: {{ $.Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if $.Values.global.ipFamily -}} + {{ $.Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} --- {{- end }} {{- end }} diff --git a/bitnami/kafka/templates/broker/svc-headless.yaml b/bitnami/kafka/templates/broker/svc-headless.yaml index 3484eba38574cc..052122c0d1a4ad 100644 --- a/bitnami/kafka/templates/broker/svc-headless.yaml +++ b/bitnami/kafka/templates/broker/svc-headless.yaml 
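Review bot: `ipFamilyPolicy` and `ipFamilies` are now rendered on every Service even when the user sets nothing, because of `| default "SingleStack"` and the `{{- else }}` branch that emits `- IPv4`, so the chart no longer defers to the cluster's own default family. On an IPv6-only cluster a Service that requests `IPv4` is rejected by the API server, and on an existing release the upgrade may try to set a primary family different from the one already allocated, which Kubernetes does not allow. I would emit both fields only when a value is supplied, as in the fence below, and leave the `global` defaults added in patch 2/4 empty. The same block is repeated in broker/svc-headless.yaml, both controller-eligible Services, metrics/jmx-svc.yaml and svc.yaml (those use `.Values` rather than `$.Values`).

```yaml
    statefulset.kubernetes.io/pod-name: {{ $targetPod }}
  {{- with $.Values.global.ipFamilyPolicy }}
  ipFamilyPolicy: {{ . | quote }}
  {{- end }}
  {{- with $.Values.global.ipFamily }}
  ipFamilies: {{- toYaml . | nindent 4 }}
  {{- end }}
```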
@@ -35,4 +35,11 @@ spec: selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: broker app.kubernetes.io/part-of: kafka + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if .Values.global.ipFamily -}} + {{ .Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} {{- end }} diff --git a/bitnami/kafka/templates/controller-eligible/svc-external-access.yaml b/bitnami/kafka/templates/controller-eligible/svc-external-access.yaml index 0a4901d5b0a97c..437f77a921e526 100644 --- a/bitnami/kafka/templates/controller-eligible/svc-external-access.yaml +++ b/bitnami/kafka/templates/controller-eligible/svc-external-access.yaml @@ -64,6 +64,13 @@ spec: app.kubernetes.io/part-of: kafka app.kubernetes.io/component: controller-eligible statefulset.kubernetes.io/pod-name: {{ $targetPod }} + ipFamilyPolicy: {{ $.Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if $.Values.global.ipFamily -}} + {{ $.Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} --- {{- end }} {{- end }} diff --git a/bitnami/kafka/templates/controller-eligible/svc-headless.yaml b/bitnami/kafka/templates/controller-eligible/svc-headless.yaml index b74733bd2cf80c..365ab64d0c6fbb 100644 --- a/bitnami/kafka/templates/controller-eligible/svc-headless.yaml +++ b/bitnami/kafka/templates/controller-eligible/svc-headless.yaml @@ -43,4 +43,11 @@ spec: selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: controller-eligible app.kubernetes.io/part-of: kafka + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if .Values.global.ipFamily -}} + {{ .Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} {{- end }} 
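Review bot: The external-access Service in controller-eligible/svc-external-access.yaml takes its IP families from the same `global` values as the headless and JMX Services, so choosing `PreferDualStack` for in-cluster traffic also requests an IPv6 address for each externally exposed Service. Source-range restrictions, firewall rules and NetworkPolicies written with IPv4 CIDRs would presumably not cover that second family. A per-service override that falls back to the global value would let operators keep exposed listeners single-stack, e.g. `ipFamilyPolicy: {{ <external-access-service-values>.ipFamilyPolicy | default $.Values.global.ipFamilyPolicy }}` (the values path is a placeholder; the real one is outside this hunk). The same applies to broker/svc-external-access.yaml.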
diff --git a/bitnami/kafka/templates/metrics/jmx-svc.yaml b/bitnami/kafka/templates/metrics/jmx-svc.yaml index b305cd514855ae..8e9d7a707e7b8c 100644 --- a/bitnami/kafka/templates/metrics/jmx-svc.yaml +++ b/bitnami/kafka/templates/metrics/jmx-svc.yaml @@ -28,4 +28,11 @@ spec: targetPort: metrics selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: kafka + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if .Values.global.ipFamily -}} + {{ .Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} {{- end }} diff --git a/bitnami/kafka/templates/svc.yaml b/bitnami/kafka/templates/svc.yaml index c2e28ac67fcaa6..4b31883d1b7c5e 100644 --- a/bitnami/kafka/templates/svc.yaml +++ b/bitnami/kafka/templates/svc.yaml @@ -67,3 +67,10 @@ spec: {{- if and .Values.kraft.enabled .Values.controller.controllerOnly }} app.kubernetes.io/component: broker {{- end }} + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy | default "SingleStack" }} + ipFamilies: + {{- if .Values.global.ipFamily -}} + {{ .Values.global.ipFamily | toYaml | nindent 2 }} + {{- else }} + - IPv4 + {{- end }} From 6a882b7c5c52238b36f7fa4a00634c4caeaba6fd Mon Sep 17 00:00:00 2001 From: Yasmina Menendez Date: Fri, 17 Jan 2025 13:47:45 +0100 Subject: [PATCH 2/4] Add default values --- bitnami/kafka/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/bitnami/kafka/values.yaml b/bitnami/kafka/values.yaml index c50050b2d66714..5f01d28ec114eb 100644 --- a/bitnami/kafka/values.yaml +++ b/bitnami/kafka/values.yaml 
@@ -19,6 +19,18 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] + ## E.g. + ## ipFamily: + ## - IPv4 + ## Possible values: [IPv4, IPv6] or both in case of DualStack policy + ## + ipFamily: + - IPv4 + ## E.g. + ## ipFamilyPolicy: SingleStack + ## Possible values: [SingleStack, PreferDualStack, RequireDualStack] + ## + ipFamilyPolicy: SingleStack defaultStorageClass: "" storageClass: "" ## Security parameters From 0ed719b320e0d7d54252abe43bb1088d2fa3fcd4 Mon Sep 17 00:00:00 2001 From: Yasmina Menendez Date: Fri, 17 Jan 2025 14:00:08 +0100 Subject: [PATCH 3/4] Add new parameters to Readme --- bitnami/kafka/README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/bitnami/kafka/README.md b/bitnami/kafka/README.md index 34188f34e584e4..76588851dac790 100644 --- a/bitnami/kafka/README.md +++ b/bitnami/kafka/README.md 
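Review bot: The key added here is `global.ipFamily`, and the templates in patch 1/4 read `.Values.global.ipFamily`, but the README row added in patch 3/4 documents `global.ipFamilies`. A user who follows the README sets a key that nothing reads and silently gets the `IPv4` fallback. Pick one name (`ipFamilies` matches the Service field) and use it in values.yaml, the templates and the README. The comment block gives only examples and possible values; a description line per key, e.g. `## ipFamilies: IP families requested for every Service created by the chart, including external-access Services`, would say what the setting affects.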
@@ -439,14 +439,16 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.ipFamilies` | Global IpFamilies Services | `["IPv4"]` | +| `global.ipFamilyPolicy` | Global IpFamilyPolicy Services registry | `SingleStack` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters From 85ed72a18f4225fa7eedaa16181996140b6c7ba4 Mon Sep 17 00:00:00 2001 From: Yasmina Menendez Date: Fri, 17 Jan 2025 14:19:27 +0100 Subject: [PATCH 4/4] Chart version bumped --- bitnami/kafka/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/bitnami/kafka/Chart.yaml b/bitnami/kafka/Chart.yaml index 63b233b32b7b62..f2a9afe63218f1 100644 --- a/bitnami/kafka/Chart.yaml +++ b/bitnami/kafka/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 31.2.0 +version: 31.2.1