Merge pull request #311 native + nonroot images with entrypoints

Extract entrypoint command from bin scripts, try native-image zookeeper

Author: solsson

README.md

@@ -57,7 +57,8 @@ Then pick and chose from patches our [example variants](https://github.com/Yolea
 
 | tag    | k8s ≥ | highlights  |
 | ------ | ----- | ----------- |
-|  TBD   | 1.13+ | Kafka [2.4.0](https://github.com/Yolean/kubernetes-kafka/pull/297) + [standard storage class](https://github.com/Yolean/kubernetes-kafka/pull/294) |
+| v7.0.0 | 1.15+ | [Breaking](https://github.com/Yolean/kubernetes-kafka/pull/311#issuecomment-657181714) with [nonroot](./nonroot/) and [native](./native/) bases |
+| v6.0.x | 1.13+ | Kafka [2.4.0](https://github.com/Yolean/kubernetes-kafka/pull/297) + [standard storage class](https://github.com/Yolean/kubernetes-kafka/pull/294) |
 | v6.0.0 | 1.11+ | Kafka 2.2.0 + `apply -k` (kubectl 1.14+) + [#270](https://github.com/Yolean/kubernetes-kafka/pull/270) |
 | v5.1.0 | 1.11+ | Kafka 2.1.1 |
 | v5.0.3 | 1.11+ | Zookeeper fix [#227](https://github.com/Yolean/kubernetes-kafka/pull/227) + [maxClientCnxns=1](https://github.com/Yolean/kubernetes-kafka/pull/230#issuecomment-445953857) |

cruise-control/topic-create.yml

@@ -8,7 +8,7 @@ spec:
     spec:
       containers:
       - name: topic-create
-        image: solsson/kafka:native-cli@sha256:7a4cc4ef875aea50b8d4dbb525cbac0ef3a5c6e611fcafc2c415ca432ebe5601
+        image: solsson/kafka:native-cli@sha256:fbf29c59182fb87921c5199783d2d5796856ecbfe34a9c03eca658b3cf50f3c4
         command:
         - ./bin/kafka-topics.sh
         - --zookeeper

events-kube/topic-create.yaml

@@ -8,7 +8,7 @@ spec:
     spec:
       containers:
       - name: topic-create
-        image: solsson/kafka:native-cli@sha256:7a4cc4ef875aea50b8d4dbb525cbac0ef3a5c6e611fcafc2c415ca432ebe5601
+        image: solsson/kafka:native-cli@sha256:fbf29c59182fb87921c5199783d2d5796856ecbfe34a9c03eca658b3cf50f3c4
         command:
         - ./bin/kafka-topics.sh
         - --zookeeper

kafka/10broker-config.yml

@@ -41,6 +41,7 @@ data:
     }
     printf '%s\n' "${SEDS[@]}" | sed -f - /etc/kafka-configmap/server.properties > /etc/kafka/server.properties.tmp
     [ $? -eq 0 ] && mv /etc/kafka/server.properties.tmp /etc/kafka/server.properties
+    ln -s /etc/kafka/server.properties /etc/kafka/server.properties.$POD_NAME
 
   server.properties: |-
     ############################# Log Basics #############################
@@ -166,7 +167,7 @@ data:
     zookeeper.connect=zookeeper:2181
 
     # Timeout in ms for connecting to zookeeper
-    #zookeeper.connection.timeout.ms=6000
+    #zookeeper.connection.timeout.ms=18000
 
 
     ############################# Group Coordinator Settings #############################

kafka/20dns.yml

@@ -3,9 +3,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: broker
+  name: kafka
   namespace: kafka
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 spec:
+  publishNotReadyAddresses: true
   ports:
   - port: 9092
   # [podname].broker.kafka.svc.cluster.local

kafka/50kafka.yml

@@ -7,7 +7,7 @@ spec:
   selector:
     matchLabels:
       app: kafka
-  serviceName: "broker"
+  serviceName: "kafka"
   replicas: 3
   updateStrategy:
     type: RollingUpdate
@@ -47,6 +47,14 @@ spec:
       - name: broker
         image: solsson/kafka:2.4.1@sha256:79761e15919b4fe9857ec00313c9df799918ad0340b684c0163ab7035907bb5a
         env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
         - name: CLASSPATH
           value: /opt/kafka/libs/extensions/*
         - name: KAFKA_LOG4J_OPTS
@@ -62,7 +70,7 @@ spec:
           containerPort: 5555
         command:
         - ./bin/kafka-server-start.sh
-        - /etc/kafka/server.properties
+        - /etc/kafka/server.properties.$(POD_NAME)
         lifecycle:
           preStop:
             exec:

kafka/test/kafkacat.yml

@@ -72,7 +72,7 @@ spec:
     spec:
       containers:
       - name: topic-create
-        image: solsson/kafka:native-cli@sha256:7a4cc4ef875aea50b8d4dbb525cbac0ef3a5c6e611fcafc2c415ca432ebe5601
+        image: solsson/kafka:native-cli@sha256:fbf29c59182fb87921c5199783d2d5796856ecbfe34a9c03eca658b3cf50f3c4
         command:
         - ./bin/kafka-topics.sh
         - --zookeeper

kafka/test/produce-consume.yml

@@ -55,7 +55,7 @@ spec:
     spec:
       containers:
       - name: topic-create
-        image: solsson/kafka:native-cli@sha256:7a4cc4ef875aea50b8d4dbb525cbac0ef3a5c6e611fcafc2c415ca432ebe5601
+        image: solsson/kafka:native-cli@sha256:fbf29c59182fb87921c5199783d2d5796856ecbfe34a9c03eca658b3cf50f3c4
         command:
         - ./bin/kafka-topics.sh
         - --zookeeper

native/distroless.yaml

@@ -0,0 +1,9 @@
+# The more specific removes are to make sure that there was a shell that we're removing
+- op: remove
+  path: /spec/template/spec/containers/0/readinessProbe/exec
+- op: remove
+  path: /spec/template/spec/containers/0/readinessProbe
+- op: remove
+  path: /spec/template/spec/containers/0/lifecycle/preStop/exec
+- op: remove
+  path: /spec/template/spec/containers/0/lifecycle/preStop

native/kustomization.yaml

@@ -0,0 +1,17 @@
+bases:
+- ../nonroot
+patchesStrategicMerge:
+- native-image-zookeeper.yaml
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: pzoo
+  path: distroless.yaml
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: zoo
+  path: distroless.yaml

native/native-image-zookeeper.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: pzoo
+spec:
+  template:
+    spec:
+      containers:
+      - name: zookeeper
+        image: solsson/kafka:native-zookeeper-server-start@sha256:ba3a0632240b8906a3b5bb6441e98ad9d9de73cb716b156ca68f1b435c819e8b
+        resources:
+          requests:
+            cpu: 10m
+            memory: 25Mi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: zoo
+spec:
+  template:
+    spec:
+      containers:
+      - name: zookeeper
+        image: solsson/kafka:native-zookeeper-server-start@sha256:ba3a0632240b8906a3b5bb6441e98ad9d9de73cb716b156ca68f1b435c819e8b
+        resources:
+          requests:
+            cpu: 10m
+            memory: 25Mi

nonroot/entrypoint-from-image.yaml

@@ -0,0 +1,2 @@
+- op: remove
+  path: /spec/template/spec/containers/0/command

nonroot/kustomization.yaml

@@ -2,6 +2,9 @@ bases:
 - ../rbac-namespace-default
 - ../kafka
 - ../zookeeper
+patchesStrategicMerge:
+- nonroot-image-kafka.yaml
+- nonroot-image-zookeeper.yaml
 patchesJson6902:
 - target:
     group: apps
@@ -21,7 +24,21 @@ patchesJson6902:
     kind: StatefulSet
     name: zoo
   path: fsgroup-65534.yaml
-# https://github.com/kubernetes-sigs/kustomize/issues/915#issuecomment-477808963
-patchesStrategicMerge:
-- nonroot-image-kafka.yaml
-- nonroot-image-zookeeper.yaml
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: kafka
+  path: entrypoint-from-image.yaml
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: pzoo
+  path: entrypoint-from-image.yaml
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: zoo
+  path: entrypoint-from-image.yaml

nonroot/nonroot-image-kafka.yaml

@@ -5,6 +5,11 @@ metadata:
 spec:
   template:
     spec:
+      initContainers:
+      - name: init-config
+        image: solsson/kafka:initutils-nonroot@sha256:87f6bb39fd47a6f382018a2dc55a484d1b71eee48a58019c7e65a9bc53e8dca2
       containers:
       - name: broker
-        image: solsson/kafka:2.4.1-nonroot@sha256:ddfdd23081c075b86132f3e5d8e15389c78c4334dbb22166d9ad1d57f362007f
+        image: solsson/kafka:2.5.0-kafka-server-start@sha256:c6d43d1240c358d9ab8bb60de61a0b9578f04fd727ee4016f7706800998e5351
+        args:
+        - /etc/kafka/server.properties.$(POD_NAME)

nonroot/nonroot-image-zookeeper.yaml

@@ -5,9 +5,14 @@ metadata:
 spec:
   template:
     spec:
+      initContainers:
+      - name: init-config
+        image: solsson/kafka:initutils-nonroot@sha256:87f6bb39fd47a6f382018a2dc55a484d1b71eee48a58019c7e65a9bc53e8dca2
       containers:
       - name: zookeeper
-        image: solsson/kafka:2.4.1-nonroot@sha256:ddfdd23081c075b86132f3e5d8e15389c78c4334dbb22166d9ad1d57f362007f
+        image: solsson/kafka:zookeeper-server-start@sha256:c34a9928fcc5ac15b2243ee2994cf09f5a3608b6090de378f39f89ad12320276
+        args:
+        - /etc/kafka/zookeeper.properties.scale-$(REPLICAS).$(POD_NAME)
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -16,6 +21,11 @@ metadata:
 spec:
   template:
     spec:
+      initContainers:
+      - name: init-config
+        image: solsson/kafka:initutils-nonroot@sha256:87f6bb39fd47a6f382018a2dc55a484d1b71eee48a58019c7e65a9bc53e8dca2
       containers:
       - name: zookeeper
-        image: solsson/kafka:2.4.1-nonroot@sha256:ddfdd23081c075b86132f3e5d8e15389c78c4334dbb22166d9ad1d57f362007f
+        image: solsson/kafka:zookeeper-server-start@sha256:c34a9928fcc5ac15b2243ee2994cf09f5a3608b6090de378f39f89ad12320276
+        args:
+        - /etc/kafka/zookeeper.properties.scale-$(REPLICAS).$(POD_NAME)

variants/dev-small/listener-localhost.json

@@ -1,4 +1,4 @@
 [
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/2", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/3", "value": "advertised.listeners=PLAINTEXT://:9092,OUTSIDE://localhost:9094"}
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/1", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/2", "value": "advertised.listeners=PLAINTEXT://:9092,OUTSIDE://localhost:9094"}
 ]

variants/dev-small/num-partitions-1.json

@@ -1,4 +1,4 @@
 [
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "num.partitions=1"}
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "num.partitions=1"}
 ]

variants/scale-1-ephemeral/kafka-scale1-overrides.json

@@ -1,10 +1,10 @@
 [
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "default.replication.factor=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "min.insync.replicas=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.replication.factor=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.num.partitions=1"}
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "default.replication.factor=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "min.insync.replicas=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.replication.factor=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.num.partitions=1"}
 ]

variants/scale-1/kafka-scale1-overrides.json

@@ -1,10 +1,12 @@
 [
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "default.replication.factor=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "min.insync.replicas=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.replication.factor=1"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.num.partitions=1"}
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "zookeeper.connect=zoo-0.zoo.$(POD_NAMESPACE).svc.cluster.local:2181" },
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "default.replication.factor=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "min.insync.replicas=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.replication.factor=1"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.num.partitions=1"}
 ]

variants/scale-1/kustomization.yaml

@@ -1,5 +1,5 @@
 bases:
-- ../../nonroot
+- ../../native
 patchesStrategicMerge:
 - kafka.yaml
 - zookeeper.yaml

variants/scale-1/zookeeper.yaml

@@ -19,8 +19,13 @@ spec:
         env:
         - name: PZOO_REPLICAS
           value: '1'
-        - name: ZOO_REPLICAS
-          value: '0'
+        - name: REPLICAS
+          value: '1'
+      containers:
+      - name: zookeeper
+        env:
+        - name: REPLICAS
+          value: '1'
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -37,7 +42,12 @@ spec:
         # There's no validation on these numbers adding up to a coherent zk config, so watch out
         - name: PZOO_REPLICAS
           value: '1'
-        - name: ZOO_REPLICAS
-          value: '0'
+        - name: REPLICAS
+          value: '1'
         - name: ID_OFFSET
           value: '2'
+      containers:
+      - name: zookeeper
+        env:
+        - name: REPLICAS
+          value: '1'

variants/scale-2/kafka-scale2-overrides.json

@@ -1,10 +1,10 @@
 [
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "default.replication.factor=2"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "min.insync.replicas=2"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.replication.factor=2"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--override"},
-  {"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "offsets.topic.num.partitions=2"}
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "default.replication.factor=2"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "min.insync.replicas=2"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.replication.factor=2"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "offsets.topic.num.partitions=2"}
 ]

variants/scale-2/zookeeper.yaml

@@ -22,7 +22,12 @@ spec:
         # There's no validation on these numbers adding up to a coherent zk config, so watch out
         - name: PZOO_REPLICAS
           value: '0'
-        - name: ZOO_REPLICAS
+        - name: REPLICAS
           value: '2'
         - name: ID_OFFSET
           value: '1'
+      containers:
+      - name: zookeeper
+        env:
+        - name: REPLICAS
+          value: '2'

variants/scale-3-3/kafka-zookeeper-connect-only-zoo.json

@@ -0,0 +1,6 @@
+[
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--override"},
+  {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value":
+    "zookeeper.connect=zoo-0.zoo.$(POD_NAMESPACE).svc.cluster.local:2181,zoo-1.zoo.$(POD_NAMESPACE).svc.cluster.local:2181,zoo-2.zoo.$(POD_NAMESPACE).svc.cluster.local:2181"
+  }
+]

variants/scale-3-3/kustomization.yaml

@@ -0,0 +1,12 @@
+bases:
+- ../scale-3-5
+patchesStrategicMerge:
+- ./only-zoo-3.yaml
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: kafka
+    namespace: kafka
+  path: kafka-zookeeper-connect-only-zoo.json