From fb57a690c22bff39dca199a0320cb9bf591c6b38 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 17:22:21 +0400 Subject: [PATCH 01/12] Initial Dekaf UI support --- README.md | 24 +++++ charts/pulsar/templates/dekaf-deployment.yaml | 94 +++++++++++++++++++ .../pulsar/templates/dekaf-persistence.yaml | 25 +++++ charts/pulsar/templates/dekaf-service.yaml | 41 ++++++++ charts/pulsar/values.yaml | 46 +++++++++ 5 files changed, 230 insertions(+) create mode 100644 charts/pulsar/templates/dekaf-deployment.yaml create mode 100644 charts/pulsar/templates/dekaf-persistence.yaml create mode 100644 charts/pulsar/templates/dekaf-service.yaml diff --git a/README.md b/README.md index b877cfde..3f9e27cd 100644 --- a/README.md +++ b/README.md @@ -325,8 +325,32 @@ zookeeper: This is shown in some [examples/values-disable-monitoring.yaml](examples/values-disable-monitoring.yaml). +## Dekaf UI + +[Dekaf](github.com/visortelle/dekaf) is a new open-source UI for Apache Pulsar. + +> :warning: At this moment Dekaf doesn't have built-in authentication. In order to prevent unwanted access, it relies on authentication on the Pulsar broker side. +> If your Pulsar instance stores sensitive data, make sure that: +> - You have configured authentication on the Pulsar side +> - Dekaf isn't accessible from the Internet +> - Only authorized persons have access to you Kubernetes namespace +> Improvements in this area are planned to be implemented later. + +To enable the Dekaf component: + +- Set the `components.dekaf` property to `true` in the Helm release `values.yaml` file. +- Run the following command to make Dekaf service accessible on your local machine. + +``` +kubectl port-forward svc/$(kubectl get svc -l component=dekaf -o jsonpath='{.items[0].metadata.name}') 8090:8090 +``` + +- Open in browser. + ## Pulsar Manager +> :warning: Pulsar Manager has been poorly maintained for a long time. Consider the Dekaf UI instead. + The Pulsar Manager can be deployed alongside the pulsar cluster instance. Depending on the given settings it uses an existing Secret within the given namespace or creates a new one, with random passwords for both, the UI and the internal database. diff --git a/charts/pulsar/templates/dekaf-deployment.yaml b/charts/pulsar/templates/dekaf-deployment.yaml new file mode 100644 index 00000000..e928c550 --- /dev/null +++ b/charts/pulsar/templates/dekaf-deployment.yaml @@ -0,0 +1,94 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.dekaf }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }} + namespace: {{ template "pulsar.namespace" . }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.dekaf.component }} + annotations: {{ .Values.dekaf.deployment.annotations | toYaml | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.dekaf.component }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.dekaf.component }} + annotations: {{ .Values.dekaf.deployment.podAnnotations | toYaml | nindent 8 }} + spec: + {{- if .Values.dekaf.deployment.nodeSelector }} + nodeSelector: +{{ toYaml .Values.dekaf.deployment.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.dekaf.deployment.tolerations }} + tolerations: +{{ toYaml .Values.dekaf.deployment.tolerations | indent 8 }} + {{- end }} + containers: + - name: dekaf + image: "{{ .Values.images.dekaf.repository }}:{{ .Values.images.dekaf.tag }}" + imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.dekaf "root" .) }}" + env: + - name: DEKAF_PULSAR_WEB_URL + value: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}" + - name: DEKAF_PULSAR_BROKER_URL + value: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}" + {{- if .Values.dekaf.deployment.extraEnv }} +{{- toYaml .Values.dekaf.deployment.extraEnv | nindent 12 }} + {{- end }} + ports: + - containerPort: 8090 + name: http + resources: {{ .Values.dekaf.deployment.podAnnotations | toYaml | nindent 12 }} + livenessProbe: {{ .Values.dekaf.deployment.livenessProbe | toYaml | nindent 12}} + readinessProbe: {{.Values.dekaf.deployment.readinessProbe | toYaml | nindent 12 }} + + {{- if .Values.dekaf.persistence.enabled }} + volumeMounts: + - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + mountPath: /dekaf/data/library + {{- end }} + + {{- if .Values.dekaf.deployment.extraVolumeMounts }} +{{- toYaml .Values.dekaf.deployment.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.dekaf.deployment.extraContainers }} + {{- toYaml .Values.dekaf.deployment.extraContainers | nindent 8 }} + {{- end }} + + volumes: + {{- if .Values.dekaf.persistence.enabled }} + - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + persistentVolumeClaim: + claimName: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + {{- end }} + {{- if .Values.dekaf.deployment.extraVolumes }} +{{- toYaml .Values.dekaf.deployment.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml new file mode 100644 index 00000000..4a5e8811 --- /dev/null +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -0,0 +1,25 @@ +{{- if .Values.dekaf.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + namespace: {{ template "pulsar.namespace" . }} + + {{- with .Values.dekaf.persistence.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.dekaf.persistence.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + +spec: + accessModes: + {{- toYaml .Values.dekaf.persistence.accessModes | nindent 4 }} + resources: + requests: + storage: "{{ .Values.dekaf.persistence.size }}" + storageClassName: {{ .Values.dekaf.persistence.storageClass }} +{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/dekaf-service.yaml b/charts/pulsar/templates/dekaf-service.yaml new file mode 100644 index 00000000..d52b4434 --- /dev/null +++ b/charts/pulsar/templates/dekaf-service.yaml @@ -0,0 +1,41 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.dekaf }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }} + namespace: {{ template "pulsar.namespace" . }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.dekaf.component }} +{{- with .Values.dekaf.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + ports: + - name: http + port: 8090 + targetPort: 8090 + selector: + {{- include "pulsar.matchLabels" . | nindent 4 }} + component: {{ .Values.dekaf.component }} +{{- end }} \ No newline at end of file diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index 6e6293e9..ca2cfb60 100755 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -135,6 +135,8 @@ components: toolset: true # pulsar manager pulsar_manager: false + # dekaf UI + dekaf: false # default image repository for pulsar images defaultPulsarImageRepository: apachepulsar/pulsar-all @@ -208,6 +210,11 @@ images: # uses defaultPullPolicy when unspecified pullPolicy: hasCommand: false + dekaf: + repository: visortelle/dekaf + tag: 1.0.0 + # uses defaultPullPolicy when unspecified + pullPolicy: oxia: repository: oxia/oxia tag: 0.14.4 @@ -1807,6 +1814,7 @@ victoria-metrics-k8s-stack: caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecureSkipVerify: true # For development environments like minikube +## Pulsar Manager has been poorly maintained for a long time. Consider the Dekaf UI instead. ## Components Stack: pulsar_manager ## templates/pulsar-manager.yaml ## @@ -1911,6 +1919,44 @@ pulsar_manager: db_username: "pulsar" db_password: "" # leave empty for random password +# Dekaf is an open-source web-based UI for Apache Pulsar https://pulsar.apache.org/docs/next/administration-dekaf-ui/ +dekaf: + component: dekaf + deployment: + annotations: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + extraVolumes: [] + extraVolumeMounts: [] + extraContainers: [] + extraEnv: {} + resources: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + initialDelaySeconds: 5 + readinessProbe: + httpGet: + path: /health + port: http + scheme: HTTP + periodSeconds: 5 + service: + annotations: {} + port: 8090 + persistence: + enabled: true + storageClass: null + size: 2Gi + labels: {} + annotations: {} + accessModes: + - ReadWriteOnce + # These are jobs where job ttl configuration is used # pulsar-helm-chart/charts/pulsar/templates/pulsar-cluster-initialize.yaml # pulsar-helm-chart/charts/pulsar/templates/bookkeeper-cluster-initialize.yaml From a7fbf59f78225b8a0da8bc7551f117404de1e4a7 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 18:22:39 +0400 Subject: [PATCH 02/12] Initial Dekaf UI support --- charts/pulsar/templates/dekaf-deployment.yaml | 45 +++++++++++-------- .../pulsar/templates/dekaf-persistence.yaml | 7 +-- charts/pulsar/values.yaml | 10 ++++- 3 files changed, 39 insertions(+), 23 deletions(-) diff --git a/charts/pulsar/templates/dekaf-deployment.yaml b/charts/pulsar/templates/dekaf-deployment.yaml index e928c550..98dd531a 100644 --- a/charts/pulsar/templates/dekaf-deployment.yaml +++ b/charts/pulsar/templates/dekaf-deployment.yaml @@ -26,7 +26,8 @@ metadata: labels: {{- include "pulsar.standardLabels" . | nindent 4 }} component: {{ .Values.dekaf.component }} - annotations: {{ .Values.dekaf.deployment.annotations | toYaml | nindent 4 }} + annotations: + {{- toYaml .Values.dekaf.deployment.annotations | nindent 4 }} spec: replicas: 1 selector: @@ -42,14 +43,16 @@ spec: component: {{ .Values.dekaf.component }} annotations: {{ .Values.dekaf.deployment.podAnnotations | toYaml | nindent 8 }} spec: - {{- if .Values.dekaf.deployment.nodeSelector }} + {{- if .Values.dekaf.deployment.nodeSelector }} nodeSelector: -{{ toYaml .Values.dekaf.deployment.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.dekaf.deployment.tolerations }} + {{ toYaml .Values.dekaf.deployment.nodeSelector | indent 10 }} + {{- end }} + + {{- if .Values.dekaf.deployment.tolerations }} tolerations: -{{ toYaml .Values.dekaf.deployment.tolerations | indent 8 }} - {{- end }} + {{ toYaml .Values.dekaf.deployment.tolerations | indent 8 }} + {{- end }} + containers: - name: dekaf image: "{{ .Values.images.dekaf.repository }}:{{ .Values.images.dekaf.tag }}" @@ -59,15 +62,21 @@ spec: value: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}" - name: DEKAF_PULSAR_BROKER_URL value: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}" + {{- if .Values.dekaf.deployment.extraEnv }} -{{- toYaml .Values.dekaf.deployment.extraEnv | nindent 12 }} + {{- toYaml .Values.dekaf.deployment.extraEnv | nindent 10 }} {{- end }} + ports: - containerPort: 8090 name: http - resources: {{ .Values.dekaf.deployment.podAnnotations | toYaml | nindent 12 }} - livenessProbe: {{ .Values.dekaf.deployment.livenessProbe | toYaml | nindent 12}} - readinessProbe: {{.Values.dekaf.deployment.readinessProbe | toYaml | nindent 12 }} + + resources: + {{- toYaml .Values.dekaf.deployment.resources | nindent 12 }} + livenessProbe: + {{- toYaml .Values.dekaf.deployment.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.dekaf.deployment.readinessProbe | nindent 12 }} {{- if .Values.dekaf.persistence.enabled }} volumeMounts: @@ -75,12 +84,11 @@ spec: mountPath: /dekaf/data/library {{- end }} - {{- if .Values.dekaf.deployment.extraVolumeMounts }} -{{- toYaml .Values.dekaf.deployment.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.dekaf.deployment.extraContainers }} - {{- toYaml .Values.dekaf.deployment.extraContainers | nindent 8 }} - {{- end }} + {{- if .Values.dekaf.deployment.extraVolumeMounts }} + {{- toYaml .Values.dekaf.deployment.extraVolumeMounts | nindent 12 }} + {{- end }} + + {{- toYaml .Values.dekaf.deployment.extraContainers | nindent 8 }} volumes: {{- if .Values.dekaf.persistence.enabled }} @@ -88,7 +96,8 @@ spec: persistentVolumeClaim: claimName: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library {{- end }} + {{- if .Values.dekaf.deployment.extraVolumes }} -{{- toYaml .Values.dekaf.deployment.extraVolumes | nindent 8 }} + {{- toYaml .Values.dekaf.deployment.extraVolumes | nindent 8 }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml index 4a5e8811..dc253f0c 100644 --- a/charts/pulsar/templates/dekaf-persistence.yaml +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -10,10 +10,11 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.dekaf.persistence.labels }} labels: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- include "pulsar.standardLabels" . | nindent 4 }} + {{- if .Values.dekaf.persistence.labels }} + {{- toYaml .Values.dekaf.persistence.labels | nindent 4 }} + {{- end }} spec: accessModes: diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index ca2cfb60..9b98ec1b 100755 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -1930,8 +1930,14 @@ dekaf: extraVolumes: [] extraVolumeMounts: [] extraContainers: [] - extraEnv: {} - resources: {} + extraEnv: [] + resources: + requests: + memory: "768Mi" + cpu: "100m" + limits: + memory: "4096Mi" + cpu: "4000m" livenessProbe: httpGet: path: /healthz From 74df6b1fb6828c1f765d99528567b0f1b9688211 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 18:58:26 +0400 Subject: [PATCH 03/12] Fix build --- .../pulsar/templates/dekaf-persistence.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml index dc253f0c..ed8b687a 100644 --- a/charts/pulsar/templates/dekaf-persistence.yaml +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -1,3 +1,22 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + {{- if .Values.dekaf.persistence.enabled }} apiVersion: v1 kind: PersistentVolumeClaim From 2d3871967f11bbdea9ddcc981e1bba067e9ca1a7 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 19:04:37 +0400 Subject: [PATCH 04/12] Fix build --- charts/pulsar/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index 9b98ec1b..601301d4 100755 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -1955,12 +1955,12 @@ dekaf: annotations: {} port: 8090 persistence: - enabled: true - storageClass: null - size: 2Gi - labels: {} - annotations: {} - accessModes: + enabled: true + storageClass: null + size: 2Gi + labels: {} + annotations: {} + accessModes: - ReadWriteOnce # These are jobs where job ttl configuration is used From e152aff1e09f3d451164e514e8cec96e7372404e Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 19:12:23 +0400 Subject: [PATCH 05/12] Add k8s version test scenario for Dekaf --- .ci/clusters/values-dekaf.yaml | 21 +++++++++++++++++++++ .github/workflows/pulsar-helm-chart-ci.yaml | 3 +++ 2 files changed, 24 insertions(+) create mode 100644 .ci/clusters/values-dekaf.yaml diff --git a/.ci/clusters/values-dekaf.yaml b/.ci/clusters/values-dekaf.yaml new file mode 100644 index 00000000..fe045038 --- /dev/null +++ b/.ci/clusters/values-dekaf.yaml @@ -0,0 +1,21 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +components: + dekaf: true \ No newline at end of file diff --git a/.github/workflows/pulsar-helm-chart-ci.yaml b/.github/workflows/pulsar-helm-chart-ci.yaml index 6e4b8be7..107a69ae 100644 --- a/.github/workflows/pulsar-helm-chart-ci.yaml +++ b/.github/workflows/pulsar-helm-chart-ci.yaml @@ -224,6 +224,9 @@ jobs: - name: ZK & BK TLS Only values_file: .ci/clusters/values-zkbk-tls.yaml shortname: zkbk-tls + - name: Dekaf + values_file: .ci/clusters/values-dekaf.yaml + shortname: dekaf - name: Pulsar Manager values_file: .ci/clusters/values-pulsar-manager.yaml shortname: pulsar-manager From 997e4680b273a693ced0d61389200624b20f3df3 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 21:05:54 +0400 Subject: [PATCH 06/12] Make it possible run Dekaf without configuration --- charts/pulsar/templates/_dekaf.tpl | 22 ++++++++ charts/pulsar/templates/dekaf-deployment.yaml | 54 +++++++++++-------- .../pulsar/templates/dekaf-persistence.yaml | 14 ++--- charts/pulsar/templates/dekaf-service.yaml | 12 ++--- charts/pulsar/values.yaml | 2 +- 5 files changed, 68 insertions(+), 36 deletions(-) create mode 100644 charts/pulsar/templates/_dekaf.tpl diff --git a/charts/pulsar/templates/_dekaf.tpl b/charts/pulsar/templates/_dekaf.tpl new file mode 100644 index 00000000..7ccf432d --- /dev/null +++ b/charts/pulsar/templates/_dekaf.tpl @@ -0,0 +1,22 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} + +{{- define "dekaf.component" -}} +{{ (.Values.dekaf).component | default "dekaf" }} +{{- end }} diff --git a/charts/pulsar/templates/dekaf-deployment.yaml b/charts/pulsar/templates/dekaf-deployment.yaml index 98dd531a..67402c71 100644 --- a/charts/pulsar/templates/dekaf-deployment.yaml +++ b/charts/pulsar/templates/dekaf-deployment.yaml @@ -21,36 +21,36 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }} + name: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }} namespace: {{ template "pulsar.namespace" . }} labels: {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.dekaf.component }} + component: {{ template "dekaf.component" . }} annotations: - {{- toYaml .Values.dekaf.deployment.annotations | nindent 4 }} + {{- toYaml (((.Values.dekaf).deployment).annotations | default dict) | nindent 4 }} spec: replicas: 1 selector: matchLabels: {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.dekaf.component }} + component: {{ template "dekaf.component" . }} strategy: type: Recreate template: metadata: labels: {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.dekaf.component }} - annotations: {{ .Values.dekaf.deployment.podAnnotations | toYaml | nindent 8 }} + component: {{ template "dekaf.component" . }} + annotations: {{ ((.Values.dekaf).deployment).podAnnotations | default dict | toYaml | nindent 8 }} spec: - {{- if .Values.dekaf.deployment.nodeSelector }} + {{- if ((.Values.dekaf).deployment).nodeSelector }} nodeSelector: - {{ toYaml .Values.dekaf.deployment.nodeSelector | indent 10 }} + {{ toYaml .Values.dekaf.deployment.nodeSelector | default dict | indent 10 }} {{- end }} - {{- if .Values.dekaf.deployment.tolerations }} + {{- if ((.Values.dekaf).deployment).tolerations }} tolerations: - {{ toYaml .Values.dekaf.deployment.tolerations | indent 8 }} + {{ toYaml .Values.dekaf.deployment.tolerations | default list | indent 8 }} {{- end }} containers: @@ -63,41 +63,51 @@ spec: - name: DEKAF_PULSAR_BROKER_URL value: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}" - {{- if .Values.dekaf.deployment.extraEnv }} - {{- toYaml .Values.dekaf.deployment.extraEnv | nindent 10 }} + {{- if ((.Values.dekaf).deployment).extraEnv }} + {{- toYaml .Values.dekaf.deployment.extraEnv | default list | nindent 10 }} {{- end }} ports: - containerPort: 8090 name: http + {{- if ((.Values.dekaf).deployment).resources }} resources: {{- toYaml .Values.dekaf.deployment.resources | nindent 12 }} + {{- end }} + + {{- if ((.Values.dekaf).deployment).livenessProbe }} livenessProbe: {{- toYaml .Values.dekaf.deployment.livenessProbe | nindent 12 }} + {{- end }} + + {{- if ((.Values.dekaf).deployment).readinessProbe }} readinessProbe: {{- toYaml .Values.dekaf.deployment.readinessProbe | nindent 12 }} + {{- end }} - {{- if .Values.dekaf.persistence.enabled }} + {{- if ((.Values.dekaf).persistence).enabled }} volumeMounts: - - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + - name: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }}-library mountPath: /dekaf/data/library {{- end }} - {{- if .Values.dekaf.deployment.extraVolumeMounts }} - {{- toYaml .Values.dekaf.deployment.extraVolumeMounts | nindent 12 }} + {{- if ((.Values.dekaf).deployment).extraVolumeMounts }} + {{- toYaml .Values.dekaf.deployment.extraVolumeMounts | default list | nindent 12 }} {{- end }} - {{- toYaml .Values.dekaf.deployment.extraContainers | nindent 8 }} + {{- range ((.Values.dekaf).deployment).extraContainers | default (list) }} + - {{- toYaml . | nindent 10 }} + {{- end }} volumes: - {{- if .Values.dekaf.persistence.enabled }} - - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + {{- if ((.Values.dekaf).persistence).enabled }} + - name: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }}-library persistentVolumeClaim: - claimName: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + claimName: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }}-library {{- end }} - {{- if .Values.dekaf.deployment.extraVolumes }} - {{- toYaml .Values.dekaf.deployment.extraVolumes | nindent 8 }} + {{- if ((.Values.dekaf).deployment).extraVolumes }} + {{- toYaml .Values.dekaf.deployment.extraVolumes | default list | nindent 8 }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml index ed8b687a..11c8f1a5 100644 --- a/charts/pulsar/templates/dekaf-persistence.yaml +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -17,29 +17,29 @@ # under the License. # -{{- if .Values.dekaf.persistence.enabled }} +{{- if ((.Values.dekaf).persistence).enabled | default true }} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }}-library + name: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }}-library namespace: {{ template "pulsar.namespace" . }} - {{- with .Values.dekaf.persistence.annotations }} + {{- with ((.Values.dekaf).persistence).annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pulsar.standardLabels" . | nindent 4 }} - {{- if .Values.dekaf.persistence.labels }} + {{- if ((.Values.dekaf).persistence).labels }} {{- toYaml .Values.dekaf.persistence.labels | nindent 4 }} {{- end }} spec: accessModes: - {{- toYaml .Values.dekaf.persistence.accessModes | nindent 4 }} + {{- (((.Values.dekaf).persistence).accessModes | default (list "ReadWriteOnce")) | toYaml | nindent 4 }} resources: requests: - storage: "{{ .Values.dekaf.persistence.size }}" - storageClassName: {{ .Values.dekaf.persistence.storageClass }} + storage: "{{ ((.Values.dekaf).persistence).size | default "2Gi" }}" + storageClassName: {{ ((.Values.dekaf).persistence).storageClass | default nil }} {{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/dekaf-service.yaml b/charts/pulsar/templates/dekaf-service.yaml index d52b4434..7f03c8a3 100644 --- a/charts/pulsar/templates/dekaf-service.yaml +++ b/charts/pulsar/templates/dekaf-service.yaml @@ -21,15 +21,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "pulsar.fullname" . }}-{{ .Values.dekaf.component }} + name: {{ template "pulsar.fullname" . }}-{{ template "dekaf.component" . }} namespace: {{ template "pulsar.namespace" . }} labels: {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.dekaf.component }} -{{- with .Values.dekaf.service.annotations }} + component: {{ template "dekaf.component" . }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- if ((.Values.dekaf).service).annotations }} + {{ toYaml .Values.dekaf.service.annotations | indent 4 }} + {{- end }} spec: ports: - name: http @@ -37,5 +37,5 @@ spec: targetPort: 8090 selector: {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.dekaf.component }} + component: {{ template "dekaf.component" . }} {{- end }} \ No newline at end of file diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index 601301d4..30093feb 100755 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -1940,7 +1940,7 @@ dekaf: cpu: "4000m" livenessProbe: httpGet: - path: /healthz + path: /health port: http scheme: HTTP periodSeconds: 5 From 5ffae942cb6f1b851811f56222b3f0906f6d0659 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 21:25:11 +0400 Subject: [PATCH 07/12] Fix build --- .ci/clusters/values-dekaf.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/clusters/values-dekaf.yaml b/.ci/clusters/values-dekaf.yaml index fe045038..c3c06ec0 100644 --- a/.ci/clusters/values-dekaf.yaml +++ b/.ci/clusters/values-dekaf.yaml @@ -18,4 +18,7 @@ # components: - dekaf: true \ No newline at end of file + dekaf: true +dekaf: + persistence: + enabled: false \ No newline at end of file From 83e219a071e52bf7240d2a5421d22ae5fbf5ea78 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 22:10:56 +0400 Subject: [PATCH 08/12] Fix build --- charts/pulsar/templates/dekaf-persistence.yaml | 2 +- charts/pulsar/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml index 11c8f1a5..bfdb7a34 100644 --- a/charts/pulsar/templates/dekaf-persistence.yaml +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -17,7 +17,7 @@ # under the License. # -{{- if ((.Values.dekaf).persistence).enabled | default true }} +{{- if ((.Values.dekaf).persistence).enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index 30093feb..97146acd 100755 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -1956,6 +1956,7 @@ dekaf: port: 8090 persistence: enabled: true + # Storage class must be specified, otherwise you can get an error on Helm upgrade storageClass: null size: 2Gi labels: {} From f881207848ed708c24c2d9f8f4bf34a87940df75 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Sun, 2 Nov 2025 22:32:49 +0400 Subject: [PATCH 09/12] Fix build --- charts/pulsar/templates/dekaf-persistence.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/pulsar/templates/dekaf-persistence.yaml b/charts/pulsar/templates/dekaf-persistence.yaml index bfdb7a34..85786df5 100644 --- a/charts/pulsar/templates/dekaf-persistence.yaml +++ b/charts/pulsar/templates/dekaf-persistence.yaml @@ -17,6 +17,7 @@ # under the License. # +{{- if .Values.components.dekaf }} {{- if ((.Values.dekaf).persistence).enabled }} apiVersion: v1 kind: PersistentVolumeClaim @@ -42,4 +43,5 @@ spec: requests: storage: "{{ ((.Values.dekaf).persistence).size | default "2Gi" }}" storageClassName: {{ ((.Values.dekaf).persistence).storageClass | default nil }} +{{- end }} {{- end }} \ No newline at end of file From f12c279fcbaf154061cc2752e65b1fa4a496ccd3 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Mon, 3 Nov 2025 13:55:02 +0400 Subject: [PATCH 10/12] Fix Keycloak CI deployment --- .ci/auth/keycloak/values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.ci/auth/keycloak/values.yaml b/.ci/auth/keycloak/values.yaml index 83340080..a137cffc 100644 --- a/.ci/auth/keycloak/values.yaml +++ b/.ci/auth/keycloak/values.yaml @@ -32,3 +32,12 @@ extraVolumeMounts: - name: realm-config mountPath: "/opt/bitnami/keycloak/data/import" readOnly: true + +# Fix for https://github.com/bitnami/charts/issues/35164 +image: + repository: bitnamilegacy/keycloak + tag: 26.2.3-debian-12-r0 +postgresql: + image: + repository: bitnamilegacy/postgresql + tag: postgresql:17.4.0-debian-12-r17 From 5309a51103f88c2e7f9ce9dfcb2a50d7629a245d Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Mon, 3 Nov 2025 14:01:24 +0400 Subject: [PATCH 11/12] Fix Keycloak CI deployment --- .ci/auth/keycloak/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.ci/auth/keycloak/values.yaml b/.ci/auth/keycloak/values.yaml index a137cffc..09d56e1b 100644 --- a/.ci/auth/keycloak/values.yaml +++ b/.ci/auth/keycloak/values.yaml @@ -34,6 +34,9 @@ extraVolumeMounts: readOnly: true # Fix for https://github.com/bitnami/charts/issues/35164 +global: + security: + allowInsecureImages: true image: repository: bitnamilegacy/keycloak tag: 26.2.3-debian-12-r0 From ac037ce95dc3d9274d457626506456047e906680 Mon Sep 17 00:00:00 2001 From: Kiryl Valkovich Date: Mon, 3 Nov 2025 14:14:09 +0400 Subject: [PATCH 12/12] Fix Keycloak CI deployment --- .ci/auth/keycloak/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/auth/keycloak/values.yaml b/.ci/auth/keycloak/values.yaml index 09d56e1b..a9aaa03f 100644 --- a/.ci/auth/keycloak/values.yaml +++ b/.ci/auth/keycloak/values.yaml @@ -43,4 +43,4 @@ image: postgresql: image: repository: bitnamilegacy/postgresql - tag: postgresql:17.4.0-debian-12-r17 + tag: 17.4.0-debian-12-r17