streamnative · ericsyh · Nov 27, 2023 · Nov 27, 2023 · Nov 27, 2023 · Nov 27, 2023
@@ -12,73 +12,6 @@ Define the autorecovery hostname
 ${HOSTNAME}.{{ template "pulsar.autorecovery.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local
 {{- end -}}
 
-{{/*
-Define autorecovery zookeeper client tls settings
-*/}}
-{{- define "pulsar.autorecovery.zookeeper.tls.settings" -}}
-{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
-/pulsar/keytool/keytool.sh autorecovery {{ template "pulsar.autorecovery.hostname" . }} true;
-{{- end }}
-{{- end }}
-
-{{/*
-Define autorecovery tls certs mounts
-*/}}
-{{- define "pulsar.autorecovery.certs.volumeMounts" -}}
-{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
-- name: autorecovery-certs
-  mountPath: "/pulsar/certs/autorecovery"
-  readOnly: true
-- name: ca
-  mountPath: "/pulsar/certs/ca"
-  readOnly: true
-{{- if .Values.tls.zookeeper.enabled }}
-- name: keytool
-  mountPath: "/pulsar/keytool/keytool.sh"
-  subPath: keytool.sh
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Define autorecovery tls certs volumes
-*/}}
-{{- define "pulsar.autorecovery.certs.volumes" -}}
-{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
-- name: autorecovery-certs
-  secret:
-    secretName: "{{ template "pulsar.autorecovery.tls.secret.name" . }}"
-    items:
-    - key: tls.crt
-      path: tls.crt
-    - key: tls.key
-      path: tls.key
-- name: ca
-  secret:
-    secretName: "{{ template "pulsar.tls.ca.secret.name" . }}"
-    items:
-    - key: ca.crt
-      path: ca.crt
-{{- if .Values.tls.zookeeper.enabled }}
-- name: keytool
-  configMap:
-    name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
-    defaultMode: 0755
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Define autorecovery init container : verify cluster id
-*/}}
-{{- define "pulsar.autorecovery.init.verify_cluster_id" -}}
-bin/apply-config-from-env.py conf/bookkeeper.conf;
-{{- include "pulsar.autorecovery.zookeeper.tls.settings" . -}}
-until bin/bookkeeper shell whatisinstanceid; do
-  sleep 3;
-done;
-{{- end }}
-
 {{/*
 Define autorecovery log mounts
 */}}
@@ -96,14 +29,3 @@ Define autorecovery log volumes
   configMap:
     name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
 {{- end }}
-
-{{/*
-Define Autorecovery TLS certificate secret name
-*/}}
-{{- define "pulsar.autorecovery.tls.secret.name" -}}
-{{- if .Values.tls.autorecovery.certSecretName -}}
-{{- .Values.tls.autorecovery.certSecretName -}}
-{{- else -}}
-{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}
-{{- end -}}
-{{- end -}}
@@ -12,16 +12,6 @@ Define the bookkeeper hostname
 ${HOSTNAME}.{{ template "pulsar.bookkeeper.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local
 {{- end -}}
 
-
-{{/*
-Define bookie zookeeper client tls settings
-*/}}
-{{- define "pulsar.bookkeeper.zookeeper.tls.settings" -}}
-{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
-/pulsar/keytool/keytool.sh bookie {{ template "pulsar.bookkeeper.hostname" . }} true;
-{{- end }}
-{{- end }}
-
 {{- define "pulsar.bookkeeper.journal.pvc.name" -}}
 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}
 {{- end }}
@@ -46,53 +36,6 @@ storageClassName: "{{ .Values.bookkeeper.volumes.ledgers.storageClassName }}"
 {{- end }}
 {{- end }}
 
-{{/*
-Define bookie tls certs mounts
-*/}}
-{{- define "pulsar.bookkeeper.certs.volumeMounts" -}}
-{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }}
-- name: bookie-certs
-  mountPath: "/pulsar/certs/bookie"
-  readOnly: true
-- name: ca
-  mountPath: "/pulsar/certs/ca"
-  readOnly: true
-{{- if .Values.tls.zookeeper.enabled }}
-- name: keytool
-  mountPath: "/pulsar/keytool/keytool.sh"
-  subPath: keytool.sh
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Define bookie tls certs volumes
-*/}}
-{{- define "pulsar.bookkeeper.certs.volumes" -}}
-{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }}
-- name: bookie-certs
-  secret:
-    secretName: "{{ template "pulsar.bookie.tls.secret.name" . }}"
-    items:
-    - key: tls.crt
-      path: tls.crt
-    - key: tls.key
-      path: tls.key
-- name: ca
-  secret:
-    secretName: "{{ template "pulsar.tls.ca.secret.name" . }}"
-    items:
-    - key: ca.crt
-      path: ca.crt
-{{- if .Values.tls.zookeeper.enabled }}
-- name: keytool
-  configMap:
-    name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
-    defaultMode: 0755
-{{- end }}
-{{- end }}
-{{- end }}
-
 {{/*
 Define bookie common config
 */}}
@@ -108,42 +51,6 @@ statsProviderClass: org.apache.bookkeeper.stats.prometheus.PrometheusMetricsProv
 useHostNameAsBookieID: "true"
 {{- end }}
 
-{{/*
-Define bookie tls config
-*/}}
-{{- define "pulsar.bookkeeper.config.tls" -}}
-{{- if and .Values.tls.enabled .Values.tls.bookie.enabled }}
-PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory
-PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/bookie/tls.crt
-PULSAR_PREFIX_tlsKeyStoreType: PEM
-PULSAR_PREFIX_tlsKeyStore: /pulsar/certs/bookie/tls.key
-PULSAR_PREFIX_tlsTrustStoreType: PEM
-PULSAR_PREFIX_tlsTrustStore: /pulsar/certs/ca/ca.crt
-{{- end }}
-{{- end }}
-
-{{/*
-Define bookie init container : verify cluster id
-*/}}
-{{- define "pulsar.bookkeeper.init.verify_cluster_id" -}}
-{{- if not (and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence) }}
-bin/apply-config-from-env.py conf/bookkeeper.conf;
-{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}}
-until bin/bookkeeper shell whatisinstanceid; do
-  sleep 3;
-done;
-bin/bookkeeper shell bookieformat -nonInteractive -force -deleteCookie || true
-{{- end }}
-{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence }}
-set -e;
-bin/apply-config-from-env.py conf/bookkeeper.conf;
-{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}}
-until bin/bookkeeper shell whatisinstanceid; do
-  sleep 3;
-done;
-{{- end }}
-{{- end }}
-
 {{/*
 Define bookkeeper log mounts
 */}}
@@ -228,13 +135,3 @@ ad.datadoghq.com/{{ template "pulsar.bookkeeper.podName" . }}.instances: |
 {{- end -}}
 {{- end -}}
 
-{{/*
-Define Bookie TLS certificate secret name
-*/}}
-{{- define "pulsar.bookie.tls.secret.name" -}}
-{{- if .Values.tls.bookie.certSecretName -}}
-{{- .Values.tls.bookie.certSecretName -}}
-{{- else -}}
-{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}
-{{- end -}}
-{{- end -}}
@@ -119,10 +119,6 @@ spec:
     {{- include "pulsar.bookkeeper.certs.volumes" . | nindent 4 }}
     {{- include "pulsar.bookkeeper.log.volumes" . | nindent 4 }}
     {{- end }}
-    {{- if and (not .Values.bookkeeper.operator.adopt_existing) .Values.tls.bookie.enabled }}
-    volumes:
-    {{- include "pulsar.bookkeeper.certs.volumes" . | nindent 4 }}
-    {{- end }}
   {{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence}}
   storage:
     journal:
@@ -176,7 +172,6 @@ spec:
       ledgerDirectories: "/pulsar/data/bookkeeper/ledgers"
       PULSAR_PREFIX_ledgerDirectories: "/pulsar/data/bookkeeper/ledgers"
       {{- end }}
-{{- include "pulsar.bookkeeper.config.tls" . | nindent 6 }}
 {{ (.Files.Glob "conf/bookie/log4j2.yaml").AsConfig | indent 6 }}
   autoRecovery:
     {{- if .Values.components.autorecovery }}
@@ -280,10 +275,6 @@ spec:
       {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 6 }}
       {{- include "pulsar.bookkeeper.log.volumeMounts" . | nindent 6 }}
       {{- end }}
-      {{- if and (not .Values.bookkeeper.operator.adopt_existing) .Values.tls.bookie.enabled }}
-      volumeMounts:
-      {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 6 }}
-      {{- end }}
     autoRecoveryStatefulSet:
       metadata:
         name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"

@@ -74,15 +74,6 @@ Define the broker znode prefix
 {{ .Values.metadataPrefix }}/loadbalance/brokers/
 {{- end }}
 
-{{/*
-Define broker zookeeper client tls settings
-NOTE: `BROKER_ADDRESS` should be set before using this template
-*/}}
-{{- define "pulsar.broker.zookeeper.tls.settings" -}}
-{{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled (and .Values.tls.broker.enabled .Values.broker.kop.enabled)) }}
-/pulsar/keytool/keytool.sh broker ${BROKER_ADDRESS} true;
-{{- end }}
-{{- end }}
 
 {{/*
 Define broker kop settings
@@ -97,33 +88,6 @@ export PULSAR_PREFIX_listeners="PLAINTEXT://{{ template "pulsar.broker.hostname"
 {{- end }}
 {{- end }}
 
-{{/*
-Define broker tls certs mounts
-*/}}
-{{- define "pulsar.broker.certs.volumeMounts" -}}
-{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
-{{- if or .Values.tls.zookeeper.enabled .Values.broker.kop.enabled }}
-- name: keytool
-  mountPath: "/pulsar/keytool/keytool.sh"
-  subPath: keytool.sh
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Define broker tls certs volumes
-*/}}
-{{- define "pulsar.broker.certs.volumes" -}}
-{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
-{{- if or .Values.tls.zookeeper.enabled .Values.broker.kop.enabled }}
-- name: keytool
-  configMap:
-    name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
-    defaultMode: 0755
-{{- end }}
-{{- end }}
-{{- end }}
-
 {{/*
 Define broker log mounts
 */}}

@@ -98,7 +98,6 @@ spec:
 {{- end }}
     {{- if or .Values.tls.broker.enabled .Values.broker.extraVolumes }}
     volumes:
-    {{- include "pulsar.broker.certs.volumes" . | nindent 4 }}
 {{- with .Values.broker.extraVolumes }}
 {{ toYaml . | indent 4 }}
 {{- end }}
@@ -365,7 +364,6 @@ spec:
     statefulSet:
 {{- if or .Values.tls.broker.enabled .Values.broker.extraVolumeMounts }}
       volumeMounts:
-      {{- include "pulsar.broker.certs.volumeMounts" . | nindent 6 }}
 {{- with .Values.broker.extraVolumeMounts }}
 {{ toYaml . | indent 6 }}
 {{- end }}

@@ -19,7 +19,7 @@
 
 # script to process key/cert to keystore and truststore
 {{- if .Values.tls.enabled }}
-{{- if or .Values.tls.zookeeper.enabled (or .Values.tls.streamnative_console.enabled (and .Values.tls.broker.enabled .Values.broker.kop.enabled)) }}
+{{- if (and .Values.tls.broker.enabled .Values.broker.kop.enabled)}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -96,13 +96,6 @@ data:
 
     if [[ "x${isClient}" == "xtrue" ]]; then
         echo "update tls client settings ..."
-{{- if .Values.tls.zookeeper.enabled }}
-        echo $'\n' >> conf/pulsar_env.sh
-        echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh
-        echo $'\n' >> conf/bkenv.sh
-        echo "BOOKIE_EXTRA_OPTS=\"${BOOKIE_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/bkenv.sh
-        echo $'\n' >> conf/bkenv.sh
-{{- end }}
 {{- if and .Values.tls.broker.enabled .Values.broker.kop.enabled }}
         echo $'\n' >> conf/broker.conf
         echo "kopSslKeystorePassword=${PASSWORD}" >> conf/broker.conf
@@ -113,11 +106,7 @@ data:
 {{- end }}
     else
         echo "update tls client settings ..."
-{{- if .Values.tls.zookeeper.enabled }}
-        echo $'\n' >> conf/pulsar_env.sh
-        echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh
-{{- end }}
     fi
     echo ${PASSWORD} > conf/password
 {{- end }}
-{{- end }}
+{{- end }}