diff --git a/kuttl-test.yaml b/kuttl-test.yaml index 20b61b0..d9f4344 100644 --- a/kuttl-test.yaml +++ b/kuttl-test.yaml @@ -2,7 +2,7 @@ apiVersion: kudo.dev/v1alpha1 kind: TestSuite commands: - command: ./bin/kubectl-kudo init --unsafe-self-signed-webhook-ca --wait - - command: ./bin/kubectl-kudo install --skip-instance ./repository/cassandra/3.11/operator/ + - command: ./bin/kubectl-kudo install --skip-instance cassandra - command: ./bin/kubectl-kudo install --skip-instance ./repository/confluent-rest-proxy/operator/ - command: ./bin/kubectl-kudo install --skip-instance ./repository/confluent-schema-registry/operator/ - command: ./bin/kubectl-kudo install --skip-instance ./repository/cowsay/operator/ diff --git a/repository/cassandra/3.11/README.md b/repository/cassandra/3.11/README.md deleted file mode 100644 index 59e0632..0000000 --- a/repository/cassandra/3.11/README.md +++ /dev/null @@ -1,66 +0,0 @@ -# KUDO Cassandra Operator - -The KUDO Cassandra Operator makes it easy to deploy and manage -[Apache Cassandra](http://cassandra.apache.org/) on Kubernetes. - -| Konvoy | -| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| | - -## Getting started - -The KUDO Cassandra operator requires [KUDO](https://kudo.dev/) and Kubernetes -versions as specified in [`operator.yaml`](./operator/operator.yaml#L4-L5). - -To install it run - -```bash -kubectl kudo install cassandra -``` - -## Features - -- Configurable `cassandra.yaml` and `jvm.options` parameters -- JVM memory locking out of the box -- Prometheus metrics and Grafana dashboard -- Horizontal scaling -- Rolling parameter updates -- Readiness probe -- Unpriviledged container execution -- Node-to-Node and Node-to-Client communication encryption -- Backup/restore -- Rack-awareness -- Node replace -- Inter-pod anti-affinity -- Multi-datacenter support - -## Roadmap - -- RBAC, pod security policies -- Diagnostics bundle - -## Documentation - -- [Installing](./docs/installing.md) -- [Production](./docs/production.md) -- [Accessing](./docs/accessing.md) -- [Architecture](./docs/architecture.md) -- [Managing](./docs/managing.md) -- [Resources](./docs/resources.md) -- [Upgrading](./docs/upgrading.md) -- [Monitoring](./docs/monitoring.md) -- [Backup & Restore](./docs/backup.md) -- [Repair](./docs/repair.md) -- [Decommission](./docs/decommission.md) -- [Security](./docs/security.md) -- [Multi Datacenter](./docs/multidatacenter.md) -- [Parameters reference](./docs/parameters.md) - -## Version Chart - -| Version | Apache Cassandra version | Operator version | Minimum KUDO Version | Status | Release date | -| ------------------------------------------------------------------------------------------------ | ------------------------ | ---------------- | -------------------- | ------ | ------------ | -| [3.11.6-1.0.0](https://github.com/mesosphere/kudo-cassandra-operator/releases/tag/v3.11.6-1.0.0) | 3.11.6 | 1.0.0 | 0.13.0 | GA | 2020-06-04 | -| [3.11.5-0.1.2](https://github.com/mesosphere/kudo-cassandra-operator/releases/tag/v3.11.5-0.1.2) | 3.11.5 | 0.1.2 | 0.10.0 | beta | 2020-01-22 | -| [3.11.5-0.1.1](https://github.com/mesosphere/kudo-cassandra-operator/releases/tag/v3.11.5-0.1.1) | 3.11.5 | 0.1.1 | 0.8.0 | beta | 2019-12-12 | -| [3.11.4-0.1.0](https://github.com/mesosphere/kudo-cassandra-operator/releases/tag/v3.11.4-0.1.0) | 3.11.4 | 0.1.0 | 0.8.0 | beta | 2019-11-13 | diff --git a/repository/cassandra/3.11/docs/README.md b/repository/cassandra/3.11/docs/README.md deleted file mode 120000 index 32d46ee..0000000 --- a/repository/cassandra/3.11/docs/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/repository/cassandra/3.11/docs/accessing.md b/repository/cassandra/3.11/docs/accessing.md deleted file mode 100644 index 9ab769a..0000000 --- a/repository/cassandra/3.11/docs/accessing.md +++ /dev/null @@ -1,135 +0,0 @@ -# Accessing Cassandra - -This guide explains how to access a running KUDO Cassandra instance from your -application deployed within the same Kubernetes cluster. - -:warning: The KUDO Cassandra operator currently does not support accessing the -Cassandra instance from outside of the same Kubernetes cluster. - -## Pre-conditions - -- KUDO Cassandra instance running -- KUDO CLI installed - -## Steps - -### Preparation - -#### 1. Set the shell variables - -The examples below assume that the instance and namespace names are stored in -the following shell variables. With this assumptions met, you should be able to -copy-paste the commands easily. - -```bash -instance_name=cassandra -namespace_name=default -``` - -#### 2. Verify that the variables are set correctly - -```bash -kubectl get instance $instance_name -n $namespace_name -``` - -Example output: - -```bash -NAME AGE -cassandra 16h -``` - -### Access Cassandra - -You will run simple `cqlsh` command within an ephemeral pod on the Kubernetes -cluster to show how to connect to Cassandra. - -#### 3. Retrieve the docker image name - -In order to run `cqlsh` you need a container image which has it. For simplicity, -you can use the same image which is used by the cassandra nodes. Run the -following command to retrieve its full name: - -```bash -cassandra_image=$(kubectl get pod -n ${namespace_name} ${instance_name}-node-0 --template '{{ (index .spec.containers 0).image }}{{"\n"}}') -echo ${cassandra_image} -``` - -Example output: - -``` -mesosphere/cassandra:3.11.6-1.0.0 -``` - -#### 4. Run a command which accesses cassandra in a pod - -This command illustrates what DNS name to use to connect to Cassandra: - -```bash -kubectl run --wait cassandra-access-demo --image=${cassandra_image} --restart=Never -- \ - cqlsh --execute "describe cluster" ${instance_name}-svc.${namespace_name}.svc.cluster.local -``` - -Expected output: - -``` -pod/cassandra-access-demo created -``` - -#### 5. Retrieve the output - -Once the pod completes (which should take no more than a few seconds), you can -see its output using a command such as the following: - -```bash -kubectl logs cassandra-access-demo -``` - -Example output: - -``` -Warning: Cannot create directory at `/home/cassandra/.cassandra`. Command history will not be saved. - - -Cluster: cassandra1 -Partitioner: Murmur3Partitioner -``` - -### Cleanup - -#### 6. Delete the ephemeral pod - -```bash -kubectl delete pod cassandra-access-demo -``` - -Expected output: - -``` -pod "cassandra-access-demo" deleted -``` - -## Access from outside the Cluster - -The operator supports creation of a service that opens up ports to access -Cassandra from outside the cluster. To enable this, you have to set the -following variables: - -```bash -kubectl kudo update $instance_name -n $namespace_name -p EXTERNAL_NATIVE_TRANSPORT=true -``` - -This will create a service with a LoadBalancer port that forwards to the -Cassandra nodes. There are the following options: - -- EXTERNAL_NATIVE_TRANSPORT="true" Enable access to the cluster from the outside -- EXTERNAL_RPC="true" Enable access to the legacy RPC port if it's enabled on - the cluster (Requires that START_RPC is "true") -- EXTERNAL_NATIVE_TRANSPORT_PORT="9042" The external port that is forwarded to - the native transport port on the nodes -- EXTERNAL_RPC_PORT="9160" The external port that is forwarded to the rpc port - on the nodes - -:warning: The external service definition will at the moment not be deleted if -you set EXTERNAL_NATIVE_TRANSPORT and EXTERNAL_RPC to "false". If you need to -remove external access, you have to remove the external service manually. diff --git a/repository/cassandra/3.11/docs/architecture.md b/repository/cassandra/3.11/docs/architecture.md deleted file mode 100644 index e0c840a..0000000 --- a/repository/cassandra/3.11/docs/architecture.md +++ /dev/null @@ -1,24 +0,0 @@ -# KUDO Cassandra Architecture - -Apache Cassandra is a stateful workload. KUDO Cassandra uses kubernetes -statefulset as the basic piece of the KUDO Cassandra Architecture - -As a StatefulSet maintains sticky identities for each of its Pods, this helps -KUDO Cassandra to automate all necessary operations with Apache Cassandra nodes. - -To help with updates and upgrades, KUDO Cassandra comes with a custom config -maps thats helps for rolling updates for KUDO Cassandra. Apache Cassandra -maintenance jobs like `repair` and `backup/restore` are configured as kubernetes -jobs and are only deployed on-demand when configuring their respective -parameters. - -![](images/architecture.png) - -## Multi-Datacenter Architecture - -KUDO Cassandra can span a ring across multiple kubernetes clusters, to -facilitate the deployment across various regions and zones. Read more about -multidataceneter configuration options in the -[multi-dataceneter](./multidataceneter.md) docs. - -![](images/multi-dc-arch.png) diff --git a/repository/cassandra/3.11/docs/backup.md b/repository/cassandra/3.11/docs/backup.md deleted file mode 100644 index 557c87d..0000000 --- a/repository/cassandra/3.11/docs/backup.md +++ /dev/null @@ -1,441 +0,0 @@ -# Backup & Restore KUDO Cassandra - -This guide explains how to configure backup and restore for KUDO Cassandra. - -## Pre-conditions - -- AWS S3 bucket for storing backups -- AWS CLI for local checks (not required for the actual operator) -- A `cqlsh` binary should be in the path - -## Steps - -### Preparation - -#### 1. Verify that the S3 bucket is accessible - -```bash -aws s3 ls -``` - -This should return a list of buckets accessible with your current AWS -credentials - -#### Setup environment variables - -The examples below assume that the instance and namespace names are stored in -the following shell variables. With this assumptions met, you should be able to -copy-paste the commands easily and it prevents typos in reused values. - -```text -INSTANCE_NAME=cassandra -NAMESPACE=backup-test -SECRET_NAME=aws-credentials -BACKUP_BUCKET_NAME= -BACKUP_PREFIX=cluster1 -BACKUP_NAME=Backup1 -``` - -#### Create a secret with your AWS credentials - -```bash -cat < aws-credentials.yaml -kind: Secret -apiVersion: v1 -metadata: - name: ${SECRET_NAME} - namespace: ${NAMESPACE} -stringData: - access-key: - secret-key: -EOF -``` - -Replace the values for access-key and secret key with the actual values for your -AWS account. - -If you are using temporary AWS credentials with a security token, the file -should look like this: - -```bash -cat < aws-credentials.yaml -kind: Secret -apiVersion: v1 -metadata: - name: ${SECRET_NAME} - namespace: ${NAMESPACE} -stringData: - access-key: - secret-key: - security-token: -EOF -``` - -You can find these values by looking at `~/.aws/credentials`: - -```bash -cat ~/.aws/credentials -``` - -Apply the secret to your Kubernets cluster: - -```bash -kubectl apply --namespace $NAMESPACE -f aws-credentials.yaml -``` - -#### 1. Install KUDO Cassandra with backups enabled - -To allow the backup plan to run, the cluster must be set up with a specific -configuration: - -- `BACKUP_RESTORE_ENABLED` This enables the backup functionality in general -- `BACKUP_AWS_CREDENTIALS_SECRET` Allows the instances to access the AWS - credentials without storing them in the operator itself -- `BACKUP_AWS_S3_BUCKET_NAME` Defines the AWS S3 bucket where the backup will be - stored -- `BACKUP_PREFIX` Prepends a prefix to the backups in the S3 buckets and allows - multiple KUDO Cassandra clusters to reside in the same bucket -- `EXTERNAL_NATIVE_TRANSPORT` Setting this to true is not required for the - backup, but allows us to access the cluster with `cqlsh` from the local - machine - -```bash -kubectl kudo install cassandra \ - --instance $INSTANCE_NAME \ - --namespace $NAMESPACE \ - -p EXTERNAL_NATIVE_TRANSPORT=true \ - -p BACKUP_RESTORE_ENABLED=true \ - -p BACKUP_AWS_CREDENTIALS_SECRET=$SECRET_NAME \ - -p BACKUP_AWS_S3_BUCKET_NAME=$BACKUP_BUCKET_NAME \ - -p BACKUP_PREFIX=$BACKUP_PREFIX -``` - -### Verify the state of the KUDO Cassandra instance - -```bash -kubectl kudo plan status --instance=$INSTANCE_NAME -n $NAMESPACE -``` - -In the output note if: - -- the current `Operator-Version` matches your expectation, and -- deploy plan is `COMPLETE` (this may take a couple minutes) - -Example output: - -```text -Plan(s) for "cassandra" in namespace "default": -. -└── cassandra (Operator-Version: "cassandra-1.0.0" Active-Plan: "deploy") - ├── Plan deploy (serial strategy) [COMPLETE] - │   └── Phase nodes (parallel strategy) [COMPLETE] - │   └── Step node [COMPLETE] - ├── Plan upgrade (serial strategy) [NOT ACTIVE] - │   ├── Phase cleanup (serial strategy) [NOT ACTIVE] - │   │   └── Step cleanup-stateful-set [NOT ACTIVE] - │   └── Phase reinstall (serial strategy) [NOT ACTIVE] - │   └── Step node [NOT ACTIVE] - └── Plan backup (serial strategy) [NOT ACTIVE] - └── Phase backup (serial strategy) [NOT ACTIVE] - ├── Step cleanup [NOT ACTIVE] - └── Step backup [NOT ACTIVE] - -``` - -Save the DNS of the external service of the cluster: - -```bash -CASSANDRA_CLUSTER=`kubectl get service --namespace $NAMESPACE --field-selector metadata.name=$INSTANCE_NAME-svc-external -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'` - -echo "Cassandra Cluster DNS: $CASSANDRA_CLUSTER" -``` - -#### Write data to the cluster - -```bash -cqlsh $CASSANDRA_CLUSTER < -``` - -Check out the [parameters reference](./parameters.md) for a complete list of all -configurable settings. - -Check out the -["configuration" section in the "managing" page](./managing.md#configuration) -for help with changing an existing operator instance's parameters and the -[operating](./operating.md) page for help with managing Cassandra operators and -their underlying Cassandra clusters. - -## Required Permissions - -KUDO Cassandra requires certain permissions in the cluster to operate. By -default, it creates one service account, role and role binding in the same -namespace as the installed instance. This service account has the permissions to -execute commands in pods. - -If the operator is configured to use a `NODE_TOPOLOGY` for a -[multi datacenter setup](multidatacenter.md), additional permissions are -required and explained in the corresponding section. diff --git a/repository/cassandra/3.11/docs/managing.md b/repository/cassandra/3.11/docs/managing.md deleted file mode 100644 index 388a196..0000000 --- a/repository/cassandra/3.11/docs/managing.md +++ /dev/null @@ -1,250 +0,0 @@ -# Managing KUDO Cassandra Operator instances - -**Table of Contents** - -- [Managing KUDO Cassandra Operator instances](#managing-kudo-cassandra-operator-instances) - - [Updating parameters](#updating-parameters) - - [Upgrading](#upgrading) - - [Failure handling](#failure-handling) - - [Recovery controller](#recovery-controller) - - [Node eviction](#node-eviction) - - [Manual node replacement](#manual-node-replacement) - - [Accessing](#accessing) - - [Debugging](#debugging) - - [Plan status](#plan-status) - - [Get pods](#get-pods) - - [Pod container logs](#pod-container-logs) - - [Describe pod](#describe-pod) - - [Cassandra nodetool status](#cassandra-nodetool-status) - - [KUDO controller/manager logs](#kudo-controllermanager-logs) - - [Get endpoints](#get-endpoints) - - [Kubernetes events in the instance namespace](#kubernetes-events-in-the-instance-namespace) - - [Uninstall an operator instance](#uninstall-an-operator-instance) - -## Updating parameters - -Installing an instance is just the beginning. After doing so, it is likely that -you will need to change the instance's parameter to: - -- Scale the cluster horizontally -- Configure specific `cassandra.yaml` or JVM option settings -- Enable or disable monitoring - -To change an instance's parameters, the `kubectl kudo update` command can be -used. - -```bash -kubectl kudo update cassandra \ - --instance analytics-cassandra \ - --namespace production \ - -p SOME_PARAMETER=SOME_VALUE -``` - -For example, the following command starts a rolling configuration update setting -`cassandra.yaml`'s `hinted_handoff_throttle_in_kb` to `2048` in all of the -cluster nodes'. - -```bash -kubectl kudo update cassandra \ - --instance analytics-cassandra \ - --namespace production \ - -p HINTED_HANDOFF_THROTTLE_IN_KB=2048 -``` - -Multiple parameters can be updated in parallel as well. - -```bash -kubectl kudo update cassandra \ - --instance analytics-cassandra \ - --namespace production \ - -p CONCURRENT_READS=32 \ - -p CONCURRENT_WRITES=64 \ - -p JVM_OPT_RING_DELAY_MS=60000ms -``` - -When `kubectl kudo update` commands are run KUDO will start working on the -"deploy" plan, which takes care of the rolling configuration update. You can -check for its status similarly to how we did it after -[installing an instance](./installing.md). - -```bash -kubectl kudo plan status deploy \ - --instance analytics-cassandra \ - --namespace production -``` - -It is advisable to wait for the plan to reach a "COMPLETE" status before -performing any other operations. - -Check out the [parameters reference](./parameters.md) for a complete list of all -configurable settings. - -## Upgrading - -See the [document on upgrading](upgrading.md). - -## Failure handling - -When using local storage, a Cassandra pod is using a local persistent volume -that is only available when the pod is scheduled in a specific node. Any -rescheduling will land the pod to the very same node due to the volume node -affinity. - -This is an issue in case of a total Kubernetes node loss: the pods running on an -unreachable Node enter the states Terminating or Unknown. Kubernetes doesn’t -allow the deletion of those pods to avoid any brain-split. - -KUDO Cassandra provides a way to automatically handle these failure modes and -move a Cassandra node that is located on a failed Kubernetes node to a different -node in the cluster. - -### Recovery controller - -To enable this feature, use the following parameter: - -```bash -RECOVERY_CONTROLLER=true -``` - -When this parameter is set, KUDO Cassandra will deploy an additional controller -that monitors the deployed Cassandra pods. If any pod reaches an unschedulable -state and detects that the kubernetes node is gone, it will remove the local -volume of that pod and allow Kubernetes to schedule the pod to a different node. -Additionally, the rescheduling can be triggered by an eviction label. - -The recovery controller relies on the Kubernetes state of a node, not the actual -running processes. This means that the failure of the hardware on which a -Cassandra node runs does not trigger the recovery. The only way an automatic -recovery is triggered is when the Kubernetes node is removed from the cluster by -kubectl delete node . This allows a Kubernetes node to be shut -down for a maintenance period without KUDO Cassandra triggering a recovery. - -:warning: This feature will remove persistent volume claims in the Kubernetes -cluster. This may lead to data loss. Additionally, you must not use any -keyspaces with a replication factor of ONE, or the data of the failed Cassandra -node will be lost. - -#### Node eviction - -Evicting a Cassandra node is similar to Failure recovery described above. The -recovery controller will automate certain steps. The main difference is that -during node eviction the Kubernetes node should stay available, i.e. other pods -on that node shouldn’t get evicted. To evict a Cassandra node, first cordon or -taint the Kubernetes node the Cassandra node is running on. Alternatively, add -the label `kudo-cassandra/cordon=true` to the pod to evict if the whole node -shouldn't be cordoned. This ensures that the pod, once deleted, won’t be -restarted on the same node. Next, mark the pod for eviction by adding the label -`kudo-cassandra/evict=true`. This will trigger the recovery controller and it -will run the same steps as in failure recovery. As a result, the old pod will be -terminated and rescheduled on a different Kubernetes node. - -### Manual node replacement - -Cassandra nodes can be replaced manually. This is done by decommissioning a node -and bootstrapping a new one. The KUDO Cassandra operator will take care of the -bootstrapping using the same logic that is used in the failure recovery scenario -mentioned above. - -To replace a Cassandra node cordon the Kubernetes node the respective pod is -running on. Manually delete the pod. The pod will be recreated and Kubernetes -will try to redeploy it on the same node because its PVC is still on that node. -Because the node has been cordoned, nothing will be deployed. Delete the PVC -belonging to that pod. Keep in mind that this deletion might also delete the -persistent volume claimed by the PVC. Delete the pod again. The pod will now get -redeployed on a new node and a new PVC will be created on the new node as well. -The new pod will bootstrap a Cassandra node. - -## Accessing - -See the [document on accessing Cassandra](accessing.md). - -## Debugging - -Some helpful commands. Assuming `$instance_name` and `$instance_namespace` are -set these should be copy-pastable. - -### Plan status - -```bash -kubectl kudo plan status deploy \ - --instance="${instance_name}" \ - --namespace="${instance_namespace}" -``` - -### Get pods - -```bash -kubectl get pods -n "${instance_namespace}" -``` - -### Pod container logs - -```bash -pod="0" -container="cassandra" # container can also be "prometheus-exporter" - -kubectl logs "${instance_name}-node-${pod}" \ - -n "${instance_namespace}" \ - -c "${container}" -``` - -### Describe pod - -```bash -pod="0" - -kubectl describe "pods/${instance_name}-node-${pod}" \ - -n "${instance_namespace}" -``` - -### Cassandra nodetool status - -```bash -pod="0" - -kubectl exec "${instance_name}-node-${pod}" \ - -n "${instance_namespace}" \ - -c cassandra \ - -- \ - bash -c "nodetool status" -``` - -### KUDO controller/manager logs - -```bash -kubectl logs kudo-controller-manager-0 \ - -n kudo-system \ - --all-containers -``` - -### Get endpoints - -```bash -kubectl get events \ - --sort-by='{.lastTimestamp}' \ - -n "${instance_namespace}" -``` - -### Kubernetes events in the instance namespace - -```bash -kubectl get events \ - --sort-by='{.lastTimestamp}' \ - -n "${instance_namespace}" -``` - -## Uninstall an operator instance - -This will uninstall the instance and delete all its persistent volume claims -causing **irreversible data loss**. - -```bash -wget https://raw.githubusercontent.com/mesosphere/kudo-cassandra-operator/master/scripts/uninstall_operator.sh - -chmod +x uninstall_operator.sh - -./uninstall_operator.sh \ - --operator cassandra \ - --instance "${instance_name}" \ - --namespace "${instance_namespace}" -``` diff --git a/repository/cassandra/3.11/docs/monitoring.md b/repository/cassandra/3.11/docs/monitoring.md deleted file mode 100644 index 833d668..0000000 --- a/repository/cassandra/3.11/docs/monitoring.md +++ /dev/null @@ -1,140 +0,0 @@ -# Monitoring KUDO Cassandra - -This guide explains how to set up monitoring for KUDO Cassandra. - -## Description - -The KUDO Cassandra operator can export metrics to Prometheus. It achieves this -using a Prometheus exporter based on the -[criteo/cassandra_exporter](https://github.com/criteo/cassandra_exporter). - -When the `PROMETHEUS_EXPORTER_ENABLED` parameter is set to `true`: - -- A `prometheus-exporter` container will run in the same pod as every Cassandra - `node` container. It will listen for connections on - `PROMETHEUS_EXPORTER_PORT`, which is set to `7200` by default. -- A `prometheus-exporter-port` will be added to the KUDO Cassandra operator - [Service](https://kubernetes.io/docs/concepts/services-networking/service/). -- A - [ServiceMonitor](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#related-resources) - will be created to make Prometheus poll that port for metrics. - -## Pre-conditions - -- KUDO Cassandra instance running -- [Prometheus operator](https://github.com/coreos/prometheus-operator) and - [Grafana](https://grafana.com/) set up in the cluster. The - [kube-prometheus](https://github.com/coreos/kube-prometheus) project provides - both of them. -- KUDO CLI installed. - -The examples below assume that the instance and namespace names are stored in -the following shell variables. With this assumptions met, you should be able to -copy-paste the commands easily. - -```bash -instance_name=cassandra -namespace_name=default -``` - -## Steps - -### 1. Make sure that Prometheus Exporter is enabled on the KUDO Cassandra instance - -This parameter is `false` by default, so you need to enable it explicitly. - -You can check the value of the parameter on a running instance with a command -like: - -```bash -kubectl get instance --template '{{.spec.parameters.PROMETHEUS_EXPORTER_ENABLED}}{{"\n"}} $instance_name -n $namespace_name' -``` - -An output of `true` means that the exporter is enabled. - -_Any other output_ means that the exporter is _disabled_. In that case you need -to enable it with a command such as the following. If you need customization, -see other [parameters](parameters.md) that start with `PROMETHEUS_EXPORTER_`. - -```bash -kubectl kudo update -p PROMETHEUS_EXPORTER_ENABLED=true --instance $instance_name -n $namespace_name -``` - -Expected output: - -```text -Instance cassandra was updated. -``` - -### 2. Install the Grafana dashboard - -A sample grafana dashboard is provided in -[the monitoring directory](https://github.com/mesosphere/kudo-cassandra-operator/tree/master/monitoring/grafana). - -How you access the Grafana UI depends on how it was installed. Upon accessing -the `/dashboard/import` URI you will be able to upload or copy-paste the -`cassandra.json` file: - -![uploading the dashboard](images/upload.png) - -Once done, you will be able to see various Cassandra metrics in the dashboard: - -![Cassandra dashboard](images/cassandra-dashboard.png) - -### Notes - -:warning: Depending on how your prometheus operator was deployed, you may need -to check the `Prometheus` resource. The `serviceMonitorNamespaceSelector` and -`serviceMonitorSelector` attributes on that resource need to be configured to -match the -[labels on the `ServiceMonitor` resource](../operator/templates/service-monitor.yaml#L7) -created by the KUDO Cassandra operator. - -The Prometheus exporter container that is run alongside each Cassandra node -requires 1 CPU and 512MiB memory each. - -## Custom Configuration - -To use the custom -[prometheus exporter configuration](https://github.com/criteo/cassandra_exporter#config-file-example), -we need to create a configmap with the properties we want to override. - -Example custom configuration: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-exporter-configuration -data: - config.yml: | - maxScrapFrequencyInSec: - 2000: - - .*:totaldiskspaceused:.* -``` - -Create the ConfigMap in the namespace we will have the KUDO Cassandra cluster - -```bash -$ kubectl create -f custom-exporter-configuration.yaml -n $namespace_name -configmap/custom-exporter-configuration created -``` - -Enable the exporter - -```bash -kubectl kudo update \ - -p PROMETHEUS_EXPORTER_ENABLED=true \ - -p PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME=custom-exporter-configuration \ - --instance $instance_name -n $namespace_name -``` - -:warning: The following properties are configured internally by the operator and -cannot be overridden using custom configuration: - -- host -- listenAddress -- listenPort -- user -- password -- ssl diff --git a/repository/cassandra/3.11/docs/multidatacenter.md b/repository/cassandra/3.11/docs/multidatacenter.md deleted file mode 100644 index 8aadba9..0000000 --- a/repository/cassandra/3.11/docs/multidatacenter.md +++ /dev/null @@ -1,222 +0,0 @@ -# KUDO Cassandra with Multiple Datacenters and Rack awareness - -This guide explains the details of a multi-datacenter setup for KUDO Cassandra - -## Description - -Cassandra supports different topologies, including different datacenters and -rack awareness. - -- Different datacenters usually provide complete replication and locality. Each - datacenter usually contains a separate 'ring' -- Different racks indicate different failure zones to Cassandra: Data is - replicated in a way that different copies are not stored in the same rack. - -## Kubernetes cluster prerequisites - -### Naming - -In a multi-datacenter setup, a Cassandra cluster is formed by combining multiple -Cassandra datacenters. Cassandra datacenters can either run in a single -Kubernetes cluster that is spanning multiple physical datacenters, or in -multiple Kubernetes clusters, each one in a different physical datacenter. All -instances of Cassandra have to have the same name. This is achieved by using the -same instance name or by setting the `OVERRIDE_CLUSTER_NAME` parameter. - -### Node labels - -- Datacenter labels: Each Kubernetes node must have appropriate labels - indicating the datacenter it belongs to. These labels can have any name, but - it is advised to use the standard - [Kubernetes topology labels](https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/#topologykubernetesioregion). - -If the Kubernets cluster is running on AWS, these labels are usually set by -default, on AWS they correspond to the different regions: - -```yaml -topology.kubernetes.io/region=us-east-1 -``` - -As datacenter selection is configured on datacenter level for cassandra, it is -possible to use different keys for each datacenter. This might be especially -useful for hybrid clouds. For example, this would be an valid configuration: - -```yaml -Datacenter 1 (OnPrem): -nodeLabels: - custom.topology=onprem - -Datacenter 2 (AWS): -nodeLabels: - topology.kubernetes.io/region=us-east-1 -``` - -- Rack labels: Additionally to the datacenter label, each kubernetes node must - have a rack label. This label defines how Cassandra distributes data in each - datacenter, and can correspond to AWS availability zones, actual rack names in - a datacenter, power groups, etc. - -Again, it is advised to use the -[Kubernetes topology labels](https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/#topologykubernetesioregion), -for example on AWS a label would look like: - -```yaml -topology.kubernetes.io/zone=us-east-1c -``` - -The label key is again defined on datacenter level and therefore they key needs -to be the same for all nodes used in the same datacenter. - -### Service Account - -As there is currently no easy way to read node labels from inside a pod, the -KUDO Cassandra operator uses an initContainer to read the rack of the deployed -pod. This requires a service account with valid RBAC permissions. KUDO Cassandra -provides an easy way to automatically create this service account for you: - -```text -SERVICE_ACCOUNT_INSTALL=true -``` - -If this parameter is enabled, the operator will create a service account, -cluster role and cluster role binding. It uses the `NODE_RESOLVE_SERVICEACCOUNT` -parameter as the name for the service account and derived names for the cluster -role and cluster role binding. The created cluster role has the permissions to -`get`, `watch` and `list` the `nodes` resource. - -If you prefer to manage this manually, please follow the -[Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) -on how to create service accounts and set `NODE_RESOLVE_SERVICEACCOUNT` to the -name of the created service account. - -## Topology - -KUDO Cassandra supports the cluster setup with a single `NODE_TOPOLOGY` -parameter. This parameter contains a YAML structure that describes the expected -setup. - -An example: - -```yaml -- datacenter: dc1 - datacenterLabels: - failure-domain.beta.kubernetes.io/region: us-west-2 - nodes: 9 - rackLabelKey: failure-domain.beta.kubernetes.io/zone - racks: - - rack: rack1 - rackLabelValue: us-west-2a - - rack: rack2 - rackLabelValue: us-west-2b - - rack: rack3 - rackLabelValue: us-west-2c -- datacenter: dc2 - datacenterLabels: - failure-domain.beta.kubernetes.io/region: us-east-1 - nodes: 9 - rackLabelKey: failure-domain.beta.kubernetes.io/zone - racks: - - rack: rack4 - rackLabelValue: us-east-1a - - rack: rack5 - rackLabelValue: us-east-1b - - rack: rack6 - rackLabelValue: us-east-1c -``` - -This deployment requires a kubernetes cluster of at least 18 worker nodes, with -at least 9 in each `us-west-2` and `us-east1` region. - -It will deploy two StatefulSets with each 9 pods. Each StatefulSet creates it's -own ring, the replication factor between the datacenters can be specified on the -keyspace level inside cassandra. - -It is _not_ possible to exactly specify how many pods will be started on each -rack at the moment - the KUDO Cassandra operator and Kubernetes will distribute -the Cassandra nodes over all specified racks by availability and with the most -possible spread: - -For example, if we use the above example, and the nodes in the `us-west-2` -region are: - -- 5x `us-west-2a` -- 5x `us-west-2b` -- 5x `us-west-2c` - -The operator would deploy 3 cassandra nodes in each availability zone. - -If the nodes were: - -- 1x `us-west-2a` -- 10x `us-west-2b` -- 15x `us-west-2c` - -Then the cassandra node distribution would probably end up similar to this: - -- 1x `us-west-2a` -- 4x `us-west-2b` -- 4x `us-west-2c` - -## Adding instances running in other Kubernetes clusters - -Datacenters can also span multiple Kubernetes clusters. To let an instance know -about a datacenter running in another Kubernetes cluster, the -`EXTERNAL_SEED_NODES` parameter has to be set. This parameter takes an array of -DNS names or IP addresses that seed nodes outside of the cluster have. The -clusters have to be set up so that the pods running Cassandra nodes can -communicate with each other. Futhermore, the cluster names have to be the same -across all datacenters. This is achieved by using the same instance name or -setting the `OVERRIDE_CLUSTER_NAME` parameter across all datacenters. - -For example, if we have a Kubernetes cluster in the `us-west-2` region with 5 -nodes. When starting a new Cassandra instance on a Kubernetes cluster in the -`us-east-2` region, we set `EXTERNAL_SEED_NODES` to the seed nodes of the -cluster in `us-west-2` - -```yaml -EXTERNAL_SEED_NODES: - [ - , - , - , - ] -``` - -Once the Cassandra instance in `us-east-2` has been deployed, the Cassandra -instances in `us-west-2` has to be updated to learn about the seed nodes of the -cluster in `us-east2`. Once that is done, both datacenters are replicating with -each other. - -## Other parameters - -### Endpoint Snitch - -To let cassandra know about the topology, a different Snitch needs to be set: - -```text -ENDPOINT_SNITCH=GossipingPropertyFileSnitch -``` - -The GossipingPropertyFileSnitch lets cassandra read the datacenter and rack -information from a local file which the operator generates from the -`NODE_TOPOLOGY`. - -### Node Anti-Affinity - -This prefents the cluster to schedule two cassandra nodes on to the same -Kubernetes node. - -```text -NODE_ANTI_AFFINITY=true -``` - -If this feature is enabled, you _must_ have at least that many Kubernetes nodes -in your cluster as you use in the NODE_TOPOLOGY definition. - -### Full list of required parameters - -```text -ENDPOINT_SNITCH=GossipingPropertyFileSnitch -NODE_ANTI_AFFINITY=true -NODE_TOPOLOGY= -``` diff --git a/repository/cassandra/3.11/docs/parameters.md b/repository/cassandra/3.11/docs/parameters.md deleted file mode 100644 index 49eee23..0000000 --- a/repository/cassandra/3.11/docs/parameters.md +++ /dev/null @@ -1,251 +0,0 @@ -# Parameters - -| Name | Description | Default | -| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **NODE_COUNT** | Number of Cassandra nodes. | 3 | -| **NODE_CPU_MC** | CPU request (in millicores) for the Cassandra node containers. | 1000 | -| **NODE_CPU_LIMIT_MC** | CPU limit (in millicores) for the Cassandra node containers. | 1000 | -| **NODE_MEM_MIB** | Memory request (in MiB) for the Cassandra node containers. | 4096 | -| **NODE_MEM_LIMIT_MIB** | Memory limit (in MiB) for the Cassandra node containers. | 4096 | -| **NODE_DISK_SIZE_GIB** | Disk size (in GiB) for the Cassandra node containers. | 20 | -| **NODE_STORAGE_CLASS** | The storage class to be used in volumeClaimTemplates. By default, it is not required and the default storage class is used. | | -| **NODE_DOCKER_IMAGE** | Cassandra node Docker image. | mesosphere/cassandra:3.11.6-1.0.1 | -| **NODE_DOCKER_IMAGE_PULL_POLICY** | Cassandra node Docker image pull policy. | Always | -| **NODE_READINESS_PROBE_INITIAL_DELAY_S** | Number of seconds after the container has started before the readiness probe is initiated. | 0 | -| **NODE_READINESS_PROBE_PERIOD_S** | How often (in seconds) to perform the readiness probe. | 5 | -| **NODE_READINESS_PROBE_TIMEOUT_S** | How long (in seconds) to wait for a readiness probe to succeed. | 60 | -| **NODE_READINESS_PROBE_SUCCESS_THRESHOLD** | Minimum consecutive successes for the readiness probe to be considered successful after having failed. | 1 | -| **NODE_READINESS_PROBE_FAILURE_THRESHOLD** | When a pod starts and the readiness probe fails, `failure_threshold` attempts will be made before marking the pod as 'unready'. | 3 | -| **NODE_LIVENESS_PROBE_INITIAL_DELAY_S** | Number of seconds after the container has started before the liveness probe is initiated. | 15 | -| **NODE_LIVENESS_PROBE_PERIOD_S** | How often (in seconds) to perform the liveness probe. | 20 | -| **NODE_LIVENESS_PROBE_TIMEOUT_S** | How long (in seconds) to wait for a liveness probe to succeed. | 60 | -| **NODE_LIVENESS_PROBE_SUCCESS_THRESHOLD** | Minimum consecutive successes for the liveness probe to be considered successful after having failed. | 1 | -| **NODE_LIVENESS_PROBE_FAILURE_THRESHOLD** | When a pod starts and the liveness probe fails, `failure_threshold` attempts will be made before restarting the pod. | 3 | -| **NODE_TOLERATIONS** | A list of kubernetes tolerations to let pods get scheduled on tainted nodes | | -| **OVERRIDE_CLUSTER_NAME** | Override the name of the Cassandra cluster set by the operator. This shouldn't be explicit set, unless you know what you're doing. | | -| **EXTERNAL_SERVICE** | Needs to be true for either EXTERNAL_NATIVE_TRANSPORT or EXTERNAL_RPC to work | False | -| **EXTERNAL_NATIVE_TRANSPORT** | This exposes the Cassandra cluster via an external service so it can be accessed from outside the Kubernetes cluster | False | -| **EXTERNAL_RPC** | This exposes the Cassandra cluster via an external service so it can be accessed from outside the Kubernetes cluster. Works only if START_RPC is true | False | -| **EXTERNAL_NATIVE_TRANSPORT_PORT** | The external port to use for Cassandra native transport protocol. | 9042 | -| **EXTERNAL_RPC_PORT** | The external port to use for Cassandra rpc protocol. | 9160 | -| **BOOTSTRAP_TIMEOUT** | Timeout for the bootstrap binary to join the cluster with the new IP. Valid time units are 'ns', 'us', 'ms', 's', 'm', 'h'. | 12h30m | -| **SHUTDOWN_OLD_REACHABLE_NODE** | When a node replace is done, try to connect to the old node and shut it down before starting up the old node | False | -| **JOLOKIA_PORT** | The internal port for the Jolokia Agent. This port is not exposed, but can be changed if it conflicts with another port. | 7777 | -| **BACKUP_RESTORE_ENABLED** | Global flag that enables the medusa sidecar for backups | False | -| **BACKUP_TRIGGER** | Trigger parameter to start a backup. Simply needs to be changed from the current value to start a backup | 1 | -| **BACKUP_AWS_CREDENTIALS_SECRET** | If set, can be used to provide the access_key, secret_key and security_token with a secret | | -| **BACKUP_AWS_S3_BUCKET_NAME** | The name of the AWS S3 bucket to store the backups | | -| **BACKUP_AWS_S3_STORAGE_PROVIDER** | Should be one of the s3\_\* values from https://github.com/apache/libcloud/blob/trunk/libcloud/storage/types.py | s3_us_west_oregon | -| **BACKUP_PREFIX** | A prefix to be used inside the S3 bucket | | -| **BACKUP_MEDUSA_CPU_MC** | CPU request (in millicores) for the Medusa backup containers. | 100 | -| **BACKUP_MEDUSA_CPU_LIMIT_MC** | CPU limit (in millicores) for the Medusa backup containers. | 500 | -| **BACKUP_MEDUSA_MEM_MIB** | Memory request (in MiB) for the Medusa backup containers. | 256 | -| **BACKUP_MEDUSA_MEM_LIMIT_MIB** | Memory limit (in MiB) for the Medusa backup containers. | 512 | -| **BACKUP_MEDUSA_DOCKER_IMAGE** | Medusa backup Docker image. | mesosphere/kudo-cassandra-medusa:0.6.0-1.0.1 | -| **BACKUP_MEDUSA_DOCKER_IMAGE_PULL_POLICY** | Medusa backup Docker image pull policy. | Always | -| **BACKUP_NAME** | The name of the backup to create or restore | | -| **RESTORE_FLAG** | If true, a restore is done on installation | False | -| **RESTORE_OLD_NAMESPACE** | The namespace from the operator that was used to create the backup | | -| **RESTORE_OLD_NAME** | The instance name from the operator that was used to create the backup | | -| **NODE_TOPOLOGY** | This describes a multi-datacenter setup. When set it has precedence over NODE_COUNT. See docs/multidatacenter.md for more details. | | -| **NODE_ANTI_AFFINITY** | Ensure that every Cassandra node is deployed on separate hosts. | False | -| **SERVICE_ACCOUNT_INSTALL** | This flag can be set to true to automatic installation of a cluster role, service account and role binding. | False | -| **EXTERNAL_SEED_NODES** | List of seed nodes external to this instance to add to the cluster. This allows clusters spanning multiple Kubernetes clusters. | | -| **PROMETHEUS_EXPORTER_ENABLED** | A toggle to enable the prometheus metrics exporter. | False | -| **PROMETHEUS_EXPORTER_PORT** | Prometheus exporter port. | 7200 | -| **PROMETHEUS_EXPORTER_CPU_MC** | CPU request (in millicores) for the Prometheus exporter containers. | 500 | -| **PROMETHEUS_EXPORTER_CPU_LIMIT_MC** | CPU limit (in millicores) for the Prometheus exporter containers. | 1000 | -| **PROMETHEUS_EXPORTER_MEM_MIB** | Memory request (in MiB) for the Prometheus exporter containers. | 512 | -| **PROMETHEUS_EXPORTER_MEM_LIMIT_MIB** | Memory limit (in MiB) for the Prometheus exporter containers. | 512 | -| **PROMETHEUS_EXPORTER_DOCKER_IMAGE** | Prometheus exporter Docker image. | mesosphere/cassandra-prometheus-exporter:2.3.4-1.0.1 | -| **PROMETHEUS_EXPORTER_DOCKER_IMAGE_PULL_POLICY** | Prometheus exporter Docker image pull policy. | Always | -| **PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME** | The properties present in this configmap will be appended to the prometheus configuration properties | | -| **STORAGE_PORT** | The port for inter-node communication. | 7000 | -| **SSL_STORAGE_PORT** | The port for inter-node communication over SSL. | 7001 | -| **NATIVE_TRANSPORT_PORT** | The port for CQL communication. | 9042 | -| **RPC_PORT** | The port for Thrift RPC communication. | 9160 | -| **JMX_PORT** | The JMX port that will be used to interface with the Cassandra application. | 7199 | -| **RMI_PORT** | The RMI port that will be used to interface with the Cassandra application when TRANSPORT_ENCRYPTION_ENABLED is set. | 7299 | -| **JMX_LOCAL_ONLY** | If true, the JMX port will only be opened on localhost and not be available to the cluster | True | -| **TRANSPORT_ENCRYPTION_ENABLED** | Enable node-to-node encryption. | False | -| **TRANSPORT_ENCRYPTION_CLIENT_ENABLED** | Enable client-to-node encryption. | False | -| **TRANSPORT_ENCRYPTION_CIPHERS** | Comma-separated list of JSSE Cipher Suite Names. | TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | -| **TRANSPORT_ENCRYPTION_CLIENT_ALLOW_PLAINTEXT** | Enable Server-Client plaintext communication alongside encrypted traffic. | False | -| **TRANSPORT_ENCRYPTION_REQUIRE_CLIENT_AUTH** | Enable client certificate authentication on node-to-node transport encryption. | True | -| **TRANSPORT_ENCRYPTION_CLIENT_REQUIRE_CLIENT_AUTH** | Enable client certificate authentication on client-to-node transport encryption. | True | -| **TLS_SECRET_NAME** | The TLS secret that contains the self-signed certificate (cassandra.crt) and the private key (cassandra.key). The secret will be mounted as a volume to make the artifacts available. | cassandra-tls | -| **NODE_MIN_HEAP_SIZE_MB** | The minimum JVM heap size in MB. This has a smart default and doesn't need to be explicitly set. | | -| **NODE_MAX_HEAP_SIZE_MB** | The maximum JVM heap size in MB. This has a smart default and doesn't need to be explicitly set. | | -| **NODE_NEW_GENERATION_HEAP_SIZE_MB** | The JVM new generation heap size in MB. | | -| **SEED_PROVIDER_CLASS** | The class within Cassandra that handles the seed logic. | org.apache.cassandra.locator.SimpleSeedProvider | -| **NUM_TOKENS** | The number of tokens assigned to each node. | 256 | -| **HINTED_HANDOFF_ENABLED** | If true, hinted handoff is enabled for the cluster. | True | -| **MAX_HINT_WINDOW_IN_MS** | The maximum amount of time, in ms, that hints are generated for an unresponsive node. | 10800000 | -| **HINTED_HANDOFF_THROTTLE_IN_KB** | The maximum throttle per delivery thread in KBs per second. | 1024 | -| **MAX_HINTS_DELIVERY_THREADS** | The maximum number of delivery threads for hinted handoff. | 2 | -| **BATCHLOG_REPLAY_THROTTLE_IN_KB** | The total maximum throttle for replaying failed logged batches in KBs per second. | 1024 | -| **AUTHENTICATOR** | Authentication backend, implementing IAuthenticator; used to identify users. | AllowAllAuthenticator | -| **AUTHENTICATION_SECRET_NAME** | Name of the secret containing the credentials used by the operator when running 'nodetool' for its functionality. Only relevant if AUTHENTICATOR is set to 'PasswordAuthenticator'. The secret needs to have a 'username' and a 'password' entry. | | -| **AUTHORIZER** | Authorization backend, implementing IAuthorizer; used to limit access/provide permissions. | AllowAllAuthorizer | -| **ROLE_MANAGER** | Part of the Authentication & Authorization backend that implements IRoleManager to maintain grants and memberships between roles, By default, the value set is Apache Cassandra's out of the box Role Manager: CassandraRoleManager | CassandraRoleManager | -| **ROLES_VALIDITY_IN_MS** | Validity period for roles cache; set to 0 to disable | 2000 | -| **ROLES_UPDATE_INTERVAL_IN_MS** | After this interval, cache entries become eligible for refresh. Upon next access, Cassandra schedules an async reload, and returns the old value until the reload completes. If roles_validity_in_ms is non-zero, then this must be also. | | -| **CREDENTIALS_VALIDITY_IN_MS** | This cache is tightly coupled to the provided PasswordAuthenticator implementation of IAuthenticator. If another IAuthenticator implementation is configured, Cassandra does not use this cache, and these settings have no effect. Set to 0 to disable. | 2000 | -| **CREDENTIALS_UPDATE_INTERVAL_IN_MS** | After this interval, cache entries become eligible for refresh. The next time the cache is accessed, the system schedules an asynchronous reload of the cache. Until this cache reload is complete, the cache returns the old values. If credentials_validity_in_ms is nonzero, this property must also be nonzero. | | -| **PERMISSIONS_VALIDITY_IN_MS** | How many milliseconds permissions in cache remain valid. Fetching permissions can be resource intensive. To disable the cache, set this to 0. | 2000 | -| **PERMISSIONS_UPDATE_INTERVAL_IN_MS** | If enabled, sets refresh interval for the permissions cache. After this interval, cache entries become eligible for refresh. On next access, Cassandra schedules an async reload and returns the old value until the reload completes. If permissions_validity_in_ms is nonzero, permissions_update_interval_in_ms must also be non-zero. | | -| **PARTITIONER** | The partitioner used to distribute rows across the cluster. Murmur3Partitioner is the recommended setting. RandomPartitioner and ByteOrderedPartitioner are supported for legacy applications. | org.apache.cassandra.dht.Murmur3Partitioner | -| **KEY_CACHE_SAVE_PERIOD** | The duration in seconds that keys are saved in cache. Saved caches greatly improve cold-start speeds and has relatively little effect on I/O. | 14400 | -| **ROW_CACHE_SIZE_IN_MB** | Maximum size of the row cache in memory. Row cache can save more time than key_cache_size_in_mb, but is space-intensive because it contains the entire row. Use the row cache only for hot rows or static rows. 0 disables the row cache. | 0 | -| **ROW_CACHE_SAVE_PERIOD** | Duration in seconds that rows are saved in cache. 0 disables caching. | 0 | -| **COMMITLOG_SYNC_PERIOD_IN_MS** | The number of milliseconds between disk fsync calls. | 10000 | -| **COMMITLOG_SYNC_BATCH_WINDOW_IN_MS** | Time to wait between batch fsyncs, if commitlog_sync is in batch mode then default value should be: 2 | | -| **COMMITLOG_SEGMENT_SIZE_IN_MB** | The size of each commit log segment in Mb. | 32 | -| **CONCURRENT_READS** | For workloads with more data than can fit in memory, the bottleneck is reads fetching data from disk. Setting to (16 times the number of drives) allows operations to queue low enough in the stack so that the OS and drives can reorder them. | 16 | -| **CONCURRENT_WRITES** | Writes in Cassandra are rarely I/O bound, so the ideal number of concurrent writes depends on the number of CPU cores in your system. The recommended value is 8 times the number of cpu cores. | 32 | -| **CONCURRENT_COUNTER_WRITES** | Counter writes read the current values before incrementing and writing them back. The recommended value is (16 times the number of drives) . | 16 | -| **MEMTABLE_ALLOCATION_TYPE** | The type of allocations for the Cassandra memtable. heap_buffers keep all data on the JVM heap. offheap_buffers may reduce heap utilization for large string or binary values. offheap_objects may improve heap size for small integers or UUIDs as well. Both off heap options will increase read latency. | heap_buffers | -| **INDEX_SUMMARY_RESIZE_INTERVAL_IN_MINUTES** | How frequently index summaries should be re-sampled in minutes. This is done periodically to redistribute memory from the fixed-size pool to SSTables proportional their recent read rates. | 60 | -| **START_NATIVE_TRANSPORT** | If true, CQL is enabled. | True | -| **START_RPC** | If true, Thrift RPC is enabled. This is deprecated but may be necessary for legacy applications. | False | -| **RPC_KEEPALIVE** | Enables or disables keepalive on client connections (RPC or native). | True | -| **THRIFT_FRAMED_TRANSPORT_SIZE_IN_MB** | Frame size (maximum field length) for Thrift. | 15 | -| **TOMBSTONE_WARN_THRESHOLD** | The maximum number of tombstones a query can scan before warning. | 1000 | -| **TOMBSTONE_FAILURE_THRESHOLD** | The maximum number of tombstones a query can scan before aborting. | 100000 | -| **COLUMN_INDEX_SIZE_IN_KB** | The granularity of the index of rows within a partition. For huge rows, decrease this setting to improve seek time. If you use key cache, be careful not to make this setting too large because key cache will be overwhelmed. | 64 | -| **BATCH_SIZE_WARN_THRESHOLD_IN_KB** | Warn the operator on a batch size exceeding this value in kilobytes. Caution should be taken on increasing the size of this threshold as it can lead to node instability. | 5 | -| **BATCH_SIZE_FAIL_THRESHOLD_IN_KB** | Fail batch sizes exceeding this value in kilobytes. Caution should be taken on increasing the size of this threshold as it can lead to node instability. | 50 | -| **COMPACTION_THROUGHPUT_MB_PER_SEC** | Throttles compaction to the specified total throughput across the node. Compaction frequency varies with direct proportion to write throughput and is necessary to limit the SSTable size. The recommended value is 16 to 32 times the rate of write throughput (in MB/second). | 16 | -| **SSTABLE_PREEMPTIVE_OPEN_INTERVAL_IN_MB** | When compacting, the replacement opens SSTables before they are completely written and uses in place of the prior SSTables for any range previously written. This setting helps to smoothly transfer reads between the SSTables by reducing page cache churn and keeps hot rows hot. | 50 | -| **READ_REQUEST_TIMEOUT_IN_MS** | The time that the coordinator waits for read operations to complete in ms. | 5000 | -| **RANGE_REQUEST_TIMEOUT_IN_MS** | The time that the coordinator waits for range scans complete in ms. | 10000 | -| **WRITE_REQUEST_TIMEOUT_IN_MS** | The time that the coordinator waits for write operations to complete in ms. | 2000 | -| **COUNTER_WRITE_REQUEST_TIMEOUT_IN_MS** | The time that the coordinator waits for counter write operations to complete in ms. | 5000 | -| **CAS_CONTENTION_TIMEOUT_IN_MS** | The time for which the coordinator will retry CAS operations on the same row in ms. | 1000 | -| **TRUNCATE_REQUEST_TIMEOUT_IN_MS** | The time that the coordinator waits for truncate operations to complete in ms. | 60000 | -| **REQUEST_TIMEOUT_IN_MS** | The default timeout for all other requests in ms. | 10000 | -| **DYNAMIC_SNITCH_UPDATE_INTERVAL_IN_MS** | The time, in ms, the snitch will wait before updating node scores. | 100 | -| **DYNAMIC_SNITCH_RESET_INTERVAL_IN_MS** | The time, in ms, the snitch will wait before resetting node scores allowing bad nodes to recover. | 600000 | -| **DYNAMIC_SNITCH_BADNESS_THRESHOLD** | Sets the performance threshold for dynamically routing client requests away from a poorly performing node. | 0.1 | -| **INTERNODE_COMPRESSION** | Controls whether traffic between nodes is compressed. all compresses all traffic. none compresses no traffic. dc compresses between datacenters. | dc | -| **MAX_HINTS_FILE_SIZE_IN_MB** | The maximum size of the hints file in Mb. | 128 | -| **HINTS_FLUSH_PERIOD_IN_MS** | The time, in ms, for the period in which hints are flushed to disk. | 10000 | -| **CONCURRENT_MATERIALIZED_VIEW_WRITES** | The maximum number of concurrent writes to materialized views. | 32 | -| **COMMITLOG_TOTAL_SPACE_IN_MB** | The total size of the commit log in Mb. | | -| **AUTO_SNAPSHOT** | Take a snapshot of the data before truncating a keyspace or dropping a table | True | -| **KEY_CACHE_KEYS_TO_SAVE** | The number of keys from the key cache to save | | -| **ROW_CACHE_KEYS_TO_SAVE** | The number of keys from the row cache to save | | -| **COUNTER_CACHE_KEYS_TO_SAVE** | The number of keys from the counter cache to save | | -| **FILE_CACHE_SIZE_IN_MB** | The total memory to use for SSTable-reading buffers | | -| **MEMTABLE_HEAP_SPACE_IN_MB** | The amount of on-heap memory allocated for memtables | | -| **MEMTABLE_OFFHEAP_SPACE_IN_MB** | The total amount of off-heap memory allocated for memtables | | -| **MEMTABLE_CLEANUP_THRESHOLD** | The ratio used for automatic memtable flush | | -| **MEMTABLE_FLUSH_WRITERS** | The number of memtable flush writer threads | | -| **LISTEN_ON_BROADCAST_ADDRESS** | Listen on the address set in broadcast_address property | | -| **INTERNODE_AUTHENTICATOR** | The internode authentication backend | | -| **NATIVE_TRANSPORT_MAX_THREADS** | The maximum number of thread handling requests | | -| **NATIVE_TRANSPORT_MAX_FRAME_SIZE_IN_MB** | The maximum allowed size of a frame | | -| **NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS** | The maximum number of concurrent client connections | | -| **NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS_PER_IP** | The maximum number of concurrent client connections per source IP address | | -| **RPC_MIN_THREADS** | The minimum thread pool size for remote procedure calls | | -| **RPC_MAX_THREADS** | The maximum thread pool size for remote procedure calls | | -| **RPC_SEND_BUFF_SIZE_IN_BYTES** | The sending socket buffer size in bytes for remote procedure calls | | -| **RPC_RECV_BUFF_SIZE_IN_BYTES** | The receiving socket buffer size for remote procedure calls | | -| **CONCURRENT_COMPACTORS** | The number of concurrent compaction processes allowed to run simultaneously on a node | | -| **STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC** | The maximum throughput of all outbound streaming file transfers on a node | | -| **INTER_DC_STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC** | The maximum throughput of all streaming file transfers between datacenters | | -| **STREAMING_KEEP_ALIVE_PERIOD_IN_SECS** | Interval to send keep-alive messages. The stream session fails when a keep-alive message is not received for 2 keep-alive cycles. | | -| **PHI_CONVICT_THRESHOLD** | The sensitivity of the failure detector on an exponential scale | | -| **BUFFER_POOL_USE_HEAP_IF_EXHAUSTED** | Allocate on-heap memory when the SSTable buffer pool is exhausted | | -| **DISK_OPTIMIZATION_STRATEGY** | The strategy for optimizing disk reads | | -| **MAX_VALUE_SIZE_IN_MB** | The maximum size of any value in SSTables | | -| **OTC_COALESCING_STRATEGY** | The strategy to use for coalescing network messages. Values can be: fixed, movingaverage, timehorizon, disabled (default) | | -| **UNLOGGED_BATCH_ACROSS_PARTITIONS_WARN_THRESHOLD** | Causes Cassandra to log a WARN message on any batches not of type LOGGED that span across more partitions than this limit. | 10 | -| **COMPACTION_LARGE_PARTITION_WARNING_THRESHOLD_MB** | Cassandra logs a warning when compacting partitions larger than the set value. | 100 | -| **REQUEST_SCHEDULER** | The scheduler to handle incoming client requests according to a defined policy. This scheduler is useful for throttling client requests in single clusters containing multiple keyspaces. | org.apache.cassandra.scheduler.NoScheduler | -| **INTER_DC_TCP_NODELAY** | Enable this property for inter-datacenter communication. | False | -| **TRACETYPE_QUERY_TTL** | TTL for different trace types used during logging of the query process. | 86400 | -| **TRACETYPE_REPAIR_TTL** | TTL for different trace types used during logging of the repair process. | 604800 | -| **GC_WARN_THRESHOLD_IN_MS** | Any GC pause longer than this interval is logged at the WARN level. | 1000 | -| **WINDOWS_TIMER_INTERVAL** | The default Windows kernel timer and scheduling resolution is 15.6ms for power conservation. Lowering this value on Windows can provide much tighter latency and better throughput, however some virtualized environments may see a negative performance impact from changing this setting below their system default. | 1 | -| **COUNTER_CACHE_SAVE_PERIOD** | the amount of time after which Cassandra saves the counter cache (keys only). | 7200 | -| **TRICKLE_FSYNC_INTERVAL_IN_KB** | The size of the fsync in kilobytes. | 10240 | -| **TRICKLE_FSYNC** | When set to true, causes fsync to force the operating system to flush the dirty buffers at the set interval | False | -| **INCREMENTAL_BACKUPS** | Backs up data updated since the last snapshot was taken. When enabled, Cassandra creates a hard link to each SSTable flushed or streamed locally in a backups subdirectory of the keyspace data. | False | -| **SNAPSHOT_BEFORE_COMPACTION** | Enables or disables taking a snapshot before each compaction. A snapshot is useful to back up data when there is a data format change. | False | -| **CROSS_NODE_TIMEOUT** | operation timeout information exchange between nodes (to accurately measure request timeouts). | False | -| **COMMIT_FAILURE_POLICY** | Policy for commit disk failures. | stop | -| **KEY_CACHE_SIZE_IN_MB** | A global cache setting for the maximum size of the key cache in memory (for all tables). | | -| **COUNTER_CACHE_SIZE_IN_MB** | When no value is set, Cassandra uses the smaller of minimum of 2.5% of Heap or 50MB. | | -| **COMMITLOG_SYNC** | The method that Cassandra uses to acknowledge writes in milliseconds | periodic | -| **INDEX_SUMMARY_CAPACITY_IN_MB** | Fixed memory pool size in MB for SSTable index summaries. | | -| **RPC_SERVER_TYPE** | Cassandra provides three options for the RPC server. sync and hsha performance is about the same, but hsha uses less memory. | sync | -| **ENDPOINT_SNITCH** | Set to a class that implements the IEndpointSnitch interface. Cassandra uses the snitch to locate nodes and route requests. | SimpleSnitch | -| **DISK_FAILURE_POLICY** | The policy for how Cassandra responds to disk failure | stop | -| **ENABLE_USER_DEFINED_FUNCTIONS** | User defined functions (UDFs) present a security risk, since they are executed on the server side. UDFs are executed in a sandbox to contain the execution of malicious code. | False | -| **ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS** | Java UDFs are always enabled, if enable_user_defined_functions is true. Enable this option to use UDFs with language javascript or any custom JSR-223 provider. This option has no effect if enable_user_defined_functions is false | False | -| **ENABLE_MATERIALIZED_VIEWS** | Enables materialized view creation on this node. Materialized views are considered experimental and are not recommended for production use. | False | -| **CDC_ENABLED** | Enable / disable CDC functionality on a per-node basis. This modifies the logic used for write path allocation rejection | False | -| **CDC_TOTAL_SPACE_IN_MB** | Total space to use for change-data-capture (CDC) logs on disk. | | -| **CDC_FREE_SPACE_CHECK_INTERVAL_MS** | Interval between checks for new available space for CDC-tracked tables when the cdc_total_space_in_mb threshold is reached and the CDCCompactor is running behind or experiencing back pressure. | | -| **PREPARED_STATEMENTS_CACHE_SIZE_MB** | Maximum size of the native protocol prepared statement cache | | -| **THRIFT_PREPARED_STATEMENTS_CACHE_SIZE_MB** | Maximum size of the Thrift prepared statement cache. Leave empty if you do not use Thrift. | | -| **COLUMN_INDEX_CACHE_SIZE_IN_KB** | A threshold for the total size of all index entries for a partition that the database stores in the partition key cache. | 2 | -| **SLOW_QUERY_LOG_TIMEOUT_IN_MS** | How long before a node logs slow queries. Select queries that exceed this value generate an aggregated log message to identify slow queries. To disable, set to 0. | 500 | -| **BACK_PRESSURE_ENABLED** | Enable for the coordinator to apply the specified back pressure strategy to each mutation that is sent to replicas. | False | -| **BACK_PRESSURE_STRATEGY_CLASS_NAME** | The back-pressure strategy applied. The default implementation, RateBasedBackPressure, takes three arguments: high ratio, factor, and flow type, and uses the ratio between incoming mutation responses and outgoing mutation requests. | org.apache.cassandra.net.RateBasedBackPressure | -| **BACK_PRESSURE_STRATEGY_HIGH_RATIO** | When outgoing mutations are below this value, they are rate limited according to the incoming rate decreased by the factor. When above this value, the rate limiting is increased by the factor. | 0.9 | -| **BACK_PRESSURE_STRATEGY_FACTOR** | A number between 1 and 10. Increases or decreases rate limiting. | 5 | -| **BACK_PRESSURE_STRATEGY_FLOW** | The flow speed to apply rate limiting: FAST - rate limited to the speed of the fastest replica. SLOW - rate limit to the speed of the slowest replica. | FAST | -| **ALLOCATE_TOKENS_FOR_KEYSPACE** | Triggers automatic allocation of num_tokens tokens for this node. The allocation algorithm attempts to choose tokens in a way that optimizes replicated load over the nodes in the datacenter for the replication strategy used by the specified keyspace. | | -| **HINTS_DIRECTORY** | Directory where Cassandra should store hints. | | -| **COMMITLOG_DIRECTORY** | When running on magnetic HDD, this should be a separate spindle than the data directories. If not set, the default directory is \$CASSANDRA_HOME/data/commitlog. | | -| **CDC_RAW_DIRECTORY** | CommitLogSegments are moved to this directory on flush if cdc_enabled: true and the segment contains mutations for a CDC-enabled table | | -| **ROW_CACHE_CLASS_NAME** | Row cache implementation class name. | | -| **SAVED_CACHES_DIRECTORY** | saved caches If not set, the default directory is \$CASSANDRA_HOME/data/saved_caches. | | -| **INTERNODE_SEND_BUFF_SIZE_IN_BYTES** | Set socket buffer size for internode communication Note that when setting this, the buffer size is limited by net.core.wmem_max and when not setting it it is defined by net.ipv4.tcp_wm | | -| **INTERNODE_RECV_BUFF_SIZE_IN_BYTES** | Set socket buffer size for internode communication Note that when setting this, the buffer size is limited by net.core.wmem_max and when not setting it it is defined by net.ipv4.tcp_wmem | | -| **GC_LOG_THRESHOLD_IN_MS** | GC Pauses greater than 200 ms will be logged at INFO level This threshold can be adjusted to minimize logging if necessary | | -| **OTC_COALESCING_WINDOW_US** | How many microseconds to wait for coalescing. | | -| **OTC_COALESCING_ENOUGH_COALESCED_MESSAGES** | Do not try to coalesce messages if we already got that many messages. This should be more than 2 and less than 128. | | -| **OTC_BACKLOG_EXPIRATION_INTERVAL_MS** | How many milliseconds to wait between two expiration runs on the backlog (queue) of the OutboundTcpConnection. | | -| **REPAIR_SESSION_MAX_TREE_DEPTH** | Limits the maximum Merkle tree depth to avoid consuming too much memory during repairs. | | -| **ENABLE_SASI_INDEXES** | Enables SASI index creation on this node. SASI indexes are considered experimental and are not recommended for production use. | | -| **CUSTOM_CASSANDRA_YAML_BASE64** | Base64-encoded Cassandra properties appended to cassandra.yaml. | | -| **KUBECTL_VERSION** | Version of 'bitnami/kubectl' image. This image is used for some functionality of the operator. | 1.18.4 | -| **JVM_OPT_AVAILABLE_PROCESSORS** | In a multi-instance deployment, multiple Cassandra instances will independently assume that all CPU processors are available to it. This setting allows you to specify a smaller set of processors and perhaps have affinity. | | -| **JVM_OPT_JOIN_RING** | Set to false to start Cassandra on a node but not have the node join the cluster. | | -| **JVM_OPT_LOAD_RING_STATE** | Set to false to clear all gossip state for the node on restart. Use when you have changed node information in cassandra.yaml (such as listen_address). | | -| **JVM_OPT_REPLAYLIST** | Allow restoring specific tables from an archived commit log. | | -| **JVM_OPT_RING_DELAY_MS** | Allows overriding of the default RING_DELAY (30000ms), which is the amount of time a node waits before joining the ring. | | -| **JVM_OPT_TRIGGERS_DIR** | Set the default location for the trigger JARs. (Default: conf/triggers) | | -| **JVM_OPT_WRITE_SURVEY** | For testing new compaction and compression strategies. It allows you to experiment with different strategies and benchmark write performance differences without affecting the production workload. | | -| **JVM_OPT_DISABLE_AUTH_CACHES_REMOTE_CONFIGURATION** | To disable configuration via JMX of auth caches (such as those for credentials, permissions and roles). This will mean those config options can only be set (persistently) in cassandra.yaml and will require a restart for new values to take effect. | | -| **JVM_OPT_FORCE_DEFAULT_INDEXING_PAGE_SIZE** | To disable dynamic calculation of the page size used when indexing an entire partition (during initial index build/rebuild). If set to true, the page size will be fixed to the default of 10000 rows per page. | | -| **JVM_OPT_PREFER_IPV4_STACK** | Prefer binding to IPv4 network intefaces (when net.ipv6.bindv6only=1). See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561 (short version: comment out this entry to enable IPv6 support). | True | -| **JVM_OPT_EXPIRATION_DATE_OVERFLOW_POLICY** | Defines how to handle INSERT requests with TTL exceeding the maximum supported expiration date. | | -| **JVM_OPT_THREAD_PRIORITY_POLICY** | allows lowering thread priority without being root on linux - probably not necessary on Windows but doesn't harm anything. | 42 | -| **JVM_OPT_THREAD_STACK_SIZE** | Per-thread stack size. | 256k | -| **JVM_OPT_STRING_TABLE_SIZE** | Larger interned string table, for gossip's benefit (CASSANDRA-6410) | 1000003 | -| **JVM_OPT_SURVIVOR_RATIO** | CMS Settings: SurvivorRatio | 8 | -| **JVM_OPT_MAX_TENURING_THRESHOLD** | CMS Settings: MaxTenuringThreshold | 1 | -| **JVM_OPT_CMS_INITIATING_OCCUPANCY_FRACTION** | CMS Settings: CMSInitiatingOccupancyFraction | 75 | -| **JVM_OPT_CMS_WAIT_DURATION** | CMS Settings: CMSWaitDuration | 10000 | -| **JVM_OPT_NUMBER_OF_GC_LOG_FILES** | GC logging options: NumberOfGCLogFiles | 10 | -| **JVM_OPT_GC_LOG_FILE_SIZE** | GC logging options: GCLOGFILESIZE | 10M | -| **JVM_OPT_GC_LOG_DIRECTORY** | GC logging options: GC_LOG_DIRECTORY | | -| **JVM_OPT_PRINT_FLS_STATISTICS** | GC logging options: PrintFLSStatistics | | -| **JVM_OPT_CONC_GC_THREADS** | By default, ConcGCThreads is 1/4 of ParallelGCThreads. Setting both to the same value can reduce STW durations. | | -| **JVM_OPT_INITIATING_HEAP_OCCUPANCY_PERCENT** | Save CPU time on large (>= 16GB) heaps by delaying region scanning until the heap is 70% full. The default in Hotspot 8u40 is 40%. | | -| **JVM_OPT_MAX_GC_PAUSE_MILLIS** | Main G1GC tunable: lowering the pause target will lower throughput and vise versa. | | -| **JVM_OPT_G1R_SET_UPDATING_PAUSE_TIME_PERCENT** | Have the JVM do less remembered set work during STW, instead preferring concurrent GC. Reduces p99.9 latency. | | -| **CUSTOM_JVM_OPTIONS_BASE64** | Base64-encoded JVM options appended to jvm.options. | | -| **POD_MANAGEMENT_POLICY** | podManagementPolicy of the Cassandra Statefulset | OrderedReady | -| **REPAIR_POD** | Name of the pod on which 'nodetool repair' should be run. | | -| **RECOVERY_CONTROLLER** | Needs to be true for automatic failure recovery and node eviction | False | -| **RECOVERY_CONTROLLER_DOCKER_IMAGE** | Recovery controller Docker image. | mesosphere/kudo-cassandra-recovery:0.0.2-1.0.1 | -| **RECOVERY_CONTROLLER_DOCKER_IMAGE_PULL_POLICY** | Recovery controller Docker image pull policy. | Always | -| **RECOVERY_CONTROLLER_CPU_MC** | CPU request (in millicores) for the Recovery controller container. | 50 | -| **RECOVERY_CONTROLLER_CPU_LIMIT_MC** | CPU limit (in millicores) for the Recovery controller container. | 200 | -| **RECOVERY_CONTROLLER_MEM_MIB** | Memory request (in MiB) for the Recovery controller container. | 50 | -| **RECOVERY_CONTROLLER_MEM_LIMIT_MIB** | Memory limit (in MiB) for the Recovery controller container. | 256 | diff --git a/repository/cassandra/3.11/docs/production.md b/repository/cassandra/3.11/docs/production.md deleted file mode 100644 index f031614..0000000 --- a/repository/cassandra/3.11/docs/production.md +++ /dev/null @@ -1,108 +0,0 @@ -# Running KUDO Cassandra in production - -Before running KUDO Cassandra in production, please follow this guide to ensure -the reliable stability of your production cluster. - -Also, please read about -[Cassandra Anti-Patterns](https://docs.datastax.com/en/dse-planning/doc/planning/planningAntiPatterns.html) -to not to follow any bad practices when running production workload. - -## Compute Resources - -For production use of KUDO Cassandra we recommend a minimum of 32 GiB of memory -and 16 cores of CPU for guaranteed stability. - -Refer to -[Capacity Planning](https://docs.datastax.com/en/dse-planning/doc/planning/capacityPlanning.html) -to learn about capacity planning for a Cassandra installation. - -## Storage - -Verify that there is a storage class installed in the Kubernetes cluster. In -this example we will use the `aws-ebs-csi-driver` as the storage class -reference. - -``` -$ kubectl get sc -NAME PROVISIONER AGE -awsebscsiprovisioner (default) ebs.csi.aws.com 2d -``` - -### Volume Expansion - -Verify that the storage class has the option `AllowVolumeExpansion` set to -`true`. - -``` -$ kubectl describe sc awsebscsiprovisioner -Name: awsebscsiprovisioner -IsDefaultClass: Yes -Annotations: kubernetes.io/description=AWS EBS CSI provisioner StorageClass,storageclass.kubernetes.io/is-default-class=true -Provisioner: ebs.csi.aws.com -Parameters: type=gp2 -AllowVolumeExpansion: true -MountOptions: -ReclaimPolicy: Delete -VolumeBindingMode: WaitForFirstConsumer -Events: -``` - -:warning: In case `AllowVolumeExpansion` is `unset` or `false`, make sure to -provision enough disk when bootstrapping the KUDO Cassandra cluster. The disk -size can be configured using the `DISK_SIZE` parameter. By **default, DISK_SIZE -is set to 20Gi** and is **not ideal for production usage**. Users should -increase disk size by as much as they deem necessary for reliable stability. - -### ReclaimPolicy - -Verify the storage class has the option `ReclaimPolicy` set to `Retain`. - -To read more about the `ReclaimPolicy` see the official Kubernetes docs on -[Changing the Reclaim Policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) - -> PersistentVolumes can have various reclaim policies, including “Retain”, -> “Recycle”, and “Delete”. For dynamically provisioned PersistentVolumes, the -> default reclaim policy is “Delete”. This means that a dynamically provisioned -> volume is automatically deleted when a user deletes the corresponding -> PersistentVolumeClaim. This automatic behavior might be inappropriate if the -> volume contains precious data. In that case, it is more appropriate to use the -> “Retain” policy. With the “Retain” policy, if a user deletes a -> PersistentVolumeClaim, the corresponding PersistentVolume is not be deleted. -> Instead, it is moved to the Released phase, where all of its data can be -> manually recovered. - -If the `StorageClass` is to be shared between many users, a common practice is -to leave the default `ReclaimPolicy` as `Delete` and set `ReclaimPolicy: Retain` -in the `PersistentVolume` once the cluster is up and running. - -Let's see an example of a 3-broker KUDO Cassandra cluster's `PersistentVolumes` -where the `StorageClass` default `ReclaimPolicy` is `Delete` - -``` -$ kubectl get pv -NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE -pvc-6a9e69f4-b807-440f-b190-357c109e8ad9 20Gi RWO Delete Bound default/var-lib-cassandra-cassandra-instance-node-2 awsebscsiprovisioner 120m -pvc-8602a698-14a0-4c3d-85e6-67eb6da80a5d 20Gi RWO Delete Bound default/var-lib-cassandra-cassandra-instance-node-1 awsebscsiprovisioner 121m -pvc-de527673-8bee-4e38-9e6d-399ec07c2728 20Gi RWO Delete Bound default/var-lib-cassandra-cassandra-instance-node-0 awsebscsiprovisioner 123m -``` - -We can patch the `PersistentVolumes` to use the `ReclaimPolicy` of `Retain` - -``` -$ kubectl patch pv pvc-6a9e69f4-b807-440f-b190-357c109e8ad9 -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' -$ kubectl patch pv pvc-8602a698-14a0-4c3d-85e6-67eb6da80a5d -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' -$ kubectl patch pv pvc-de527673-8bee-4e38-9e6d-399ec07c2728 -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' - -persistentvolume/pvc-6a9e69f4-b807-440f-b190-357c109e8ad9 patched -persistentvolume/pvc-8602a698-14a0-4c3d-85e6-67eb6da80a5d patched -persistentvolume/pvc-de527673-8bee-4e38-9e6d-399ec07c2728 patched -``` - -Verify the `PersistentVolumes` `ReclaimPolicy` has been changed for all brokers: - -``` -$ kubectl get pv -pvc-6a9e69f4-b807-440f-b190-357c109e8ad9 5Gi RWO Retain Bound default/var-lib-cassandra-cassandra-instance-node-2 awsebscsiprovisioner 18h -pvc-8602a698-14a0-4c3d-85e6-67eb6da80a5d 5Gi RWO Retain Bound default/var-lib-cassandra-cassandra-instance-node-1 awsebscsiprovisioner 18h -pvc-de527673-8bee-4e38-9e6d-399ec07c2728 5Gi RWO Retain Bound default/var-lib-cassandra-cassandra-instance-node-0 awsebscsiprovisioner 18h -``` diff --git a/repository/cassandra/3.11/docs/repair.md b/repository/cassandra/3.11/docs/repair.md deleted file mode 100644 index c0f3be9..0000000 --- a/repository/cassandra/3.11/docs/repair.md +++ /dev/null @@ -1,63 +0,0 @@ -# Repair KUDO Cassandra - -KUDO Cassandra comes with a repair plan. It can be triggered using the -`REPAIR_POD` parameter. - -Let's see with an example of a 3 node cluster - -``` -kubectl get pods -NAME READY STATUS RESTARTS AGE -cassandra-instance-node-0 1/1 Running 0 4m44s -cassandra-instance-node-1 1/1 Running 0 4m7s -cassandra-instance-node-2 1/1 Running 1 3m25s -``` - -we can repair the node-0 by running - -``` -kubectl kudo update --instance=cassandra-instance -p REPAIR_POD=cassandra-instance-node-0 -``` - -This launches a job to repair the node-0 - -``` -kubectl get jobs -NAME COMPLETIONS DURATION AGE -cassandra-instance-node-repair-job 0/1 6s 6s -``` - -You can also follow the repair plan through the plan status - -``` -kubectl kudo plan status --instance=cassandra-instance -Plan(s) for "cassandra-instance" in namespace "default": -. -└── cassandra-instance (Operator-Version: "cassandra-1.0.0" Active-Plan: "repair") - ├── Plan backup (serial strategy) [NOT ACTIVE] - │   └── Phase backup (serial strategy) [NOT ACTIVE] - │   ├── Step cleanup [NOT ACTIVE] - │   └── Step backup [NOT ACTIVE] - ├── Plan deploy (serial strategy) [NOT ACTIVE] - │   ├── Phase rbac (parallel strategy) [NOT ACTIVE] - │   │   └── Step rbac-deploy [NOT ACTIVE] - │   └── Phase nodes (serial strategy) [NOT ACTIVE] - │   ├── Step pre-node [NOT ACTIVE] - │   └── Step node [NOT ACTIVE] - └── Plan repair (serial strategy) [COMPLETE], last updated 2020-06-18 13:15:35 - └── Phase repair (serial strategy) [COMPLETE] - ├── Step cleanup [COMPLETE] - └── Step repair [COMPLETE] -``` - -And to fetch the logs of the repair job we can get logs of the job. - -``` -kubectl logs --selector job-name=cassandra-instance-node-repair-job -I0618 11:18:06.389132 1 request.go:621] Throttling request took 1.154911388s, request: GET:https://10.0.0.1:443/apis/scheduling.kubefed.io/v1alpha1?timeout=32s -[2020-06-18 11:18:14,626] Replication factor is 1. No repair is needed for keyspace 'system_auth' -[2020-06-18 11:18:14,723] Starting repair command #1 (66fb8e80-b155-11ea-8794-a356fd81d293), repairing keyspace system_traces with repair options (parallelism: parallel, primary range: false, incremental: true, job threads: 1, ColumnFamilies: [], dataCenters: [], hosts: [], # of ranges: 512, pull repair: false) -[ ... lines removed for clarity ...] -[2020-06-18 11:18:18,720] Repair completed successfully -[2020-06-18 11:18:18,723] Repair command #1 finished in 4 seconds -``` diff --git a/repository/cassandra/3.11/docs/resources.md b/repository/cassandra/3.11/docs/resources.md deleted file mode 100644 index b19704a..0000000 --- a/repository/cassandra/3.11/docs/resources.md +++ /dev/null @@ -1,217 +0,0 @@ -# Resources - -## Computable Resources - -KUDO Cassandra by default requests 1.5 cpu and 4.5Gi of memory for each -Cassandra node. The default limits are 2 cpu and 4.5Gi of memory. - -Those requests and limits can be tuned using the following parameters: - -- NODE_CPU_MC -- NODE_CPU_LIMIT_MC -- NODE_MEM_MIB -- NODE_MEM_LIMIT_MIB -- PROMETHEUS_EXPORTER_CPU_MC -- PROMETHEUS_EXPORTER_CPU_LIMIT_MC -- PROMETHEUS_EXPORTER_MEM_MIB -- PROMETHEUS_EXPORTER_MEM_LIMIT_MIB -- RECOVERY_CONTROLLER_CPU_MC -- RECOVERY_CONTROLLER_CPU_LIMIT_MC -- RECOVERY_CONTROLLER_MEM_MIB -- RECOVERY_CONTROLLER_MEM_LIMIT_MIB - -## Storage resources - -By default, KUDO Cassandra uses 20GiB PV. This isn't recommended for production -use. Please refer to [production](./production.md) docs to see the storage and -compute resources recommendations. - -## Resources per container - -#### Cassandra container - -``` -resources: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 1 - memory: 4Gi -``` - -#### Bootstrap init container - -``` -resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi -``` - -#### prometheus exporter sidecar - -``` -resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 500m - memory: 512Mi -``` - -#### cassandra-recovery controller pod - -``` -resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 50Mi -``` - -## Kubernetes Objects - -KUDO Cassandra is delivered with a specific set of features, which can be -enabled if needed. enabling those features creates more objects in Kubernetes -than default installation. - -Let’s take a look at the resources created by default when doing a simple -install: - -``` -$ kubectl kudo install cassandra -operator.kudo.dev/v1beta1/cassandra created -operatorversion.kudo.dev/v1beta1/cassandra- created -instance.kudo.dev/v1beta1/cassandra-instance created -instance.kudo.dev/v1beta1/cassandra-instance ready - -$ kubectl tree instance cassandra-instance -NAMESPACE NAME READY REASON AGE -default Instance/cassandra-instance - 6m11s -default ├─ConfigMap/cassandra-instance-cassandra-env-sh - 6m9s -default ├─ConfigMap/cassandra-instance-cassandra-exporter-config-yml - 6m9s -default ├─ConfigMap/cassandra-instance-generate-cassandra-yaml - 6m9s -default ├─ConfigMap/cassandra-instance-generate-cqlshrc-sh - 6m9s -default ├─ConfigMap/cassandra-instance-generate-nodetool-ssl-properties - 6m9s -default ├─ConfigMap/cassandra-instance-generate-tls-artifacts-sh - 6m9s -default ├─ConfigMap/cassandra-instance-jvm-options - 6m9s -default ├─ConfigMap/cassandra-instance-node-scripts - 6m9s -default ├─ConfigMap/cassandra-instance-topology-lock - 6m9s -default ├─PodDisruptionBudget/cassandra-instance-pdb - 6m9s -default ├─Role/cassandra-instance-node-role - 6m10s -default ├─Role/cassandra-instance-role - 6m9s -default ├─RoleBinding/cassandra-instance-binding - 6m9s -default ├─RoleBinding/cassandra-instance-node-default-binding - 6m10s -default ├─Secret/cassandra-instance-tls-store-credentials - 6m9s -default ├─Service/cassandra-instance-svc - 6m9s -default ├─ServiceAccount/cassandra-instance-sa - 6m9s -default ├─ServiceMonitor/cassandra-instance-monitor - 6m9s -default └─StatefulSet/cassandra-instance-node - 6m9s -default ├─ControllerRevision/cassandra-instance-node-659c89769d - 2m24s -default ├─Pod/cassandra-instance-node-0 True 2m14s -default ├─Pod/cassandra-instance-node-1 True 94s -default └─Pod/cassandra-instance-node-2 True 53s -``` - -### Statefulset - -Statefulsets are designed to manage stateful workload in Kubernetes. KUDO -Cassandra uses statefulsets. The operator by default uses `OrderedReady` pod -management policy. This guarantees that pods are created sequentially, which -means that when the Cassandra cluster is coming up, only one node starts at a -time. Pod names are -node- starting from -ordinal-index 0. For example a 3 node cluster created using KUDO Cassandra -instance name cass-prod will have these pods: - -``` -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -cass-prod-node-0 1/1 Running 0 101s -cass-prod-node-1 1/1 Running 0 49s -cass-prod-node-2 1/1 Running 0 8s -``` - -When a multi-datacenter configuration with `NODE_TOPOLOGY` is used, the pod -names include the datacenter name as well. See -[multi-datacenter](./multidatacenter.md) documentation. - -### Configmaps - -KUDO Cassandra generates the configurable scripts and properties used in KUDO -Cassandra operator as configmap objects. - -### PodDisruptionBudget - -KUDO Cassandra limits the number of pods that may be down simultaneously. For -Cassandra’s service to work without interruptions, especially when quorum-based -applications are running on top of Cassandra, we need to guarantee that the -number of replicas running is never brought below the number required for a -quorum, even temporarily. Unlike a regular pod deletion, for the KUDO Cassandra -pod eviction, the API server may reject the operation if the eviction would -cause the disruption budget to be exceeded. - -### ServiceAccount / Role / RoleBinding - -KUDO Cassandra creates one service account which is attached with two types of -roles. The service account is -sa and then the Roles are: - -``` --node-role --role -``` - -The node role is used by KUDO Cassandra's recovery feature which uses the -Kubernetes API to detect any deleted kubelets. It is also used to free up the -KUDO Cassandra PVC Claim Ref if that is necessary. The generic role, -`-role` is used by the Cassandra node bootstrap binary to update -the topology-lock configmap so it has access to the configmaps - -### Secrets - -KUDO Cassandra creates the TLS store credentials as a secret --tls-store-credentials. Those credentials are used as -keystore/truststore credentials, when adding certificates to them. This is done -when KUDO Cassandra's SSL feature is enabled. - -### Service - -KUDO Cassandra creates a headless service -svc (ClusterIP type). -This service is used for internal access from inside the Kubernetes cluster. - -``` -$ kubectl get svc -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -cassandra-instance-svc ClusterIP 10.0.51.69 7000/TCP,7001/TCP,9042/TCP,7200/TCP 26m -``` - -The service exposes the storage port on 7000 by default and on 7001 if SSL is -enabled. The native transport defaults to port 9042, and metrics are exposed via -port 7200 by default. - -The `RPC` port is disabled by default and can be enabled using the parameter -`START_RPC=true`, which will expose the RPC port on 9160 by default. All above -information can be exposed via custom ports using the parameters: - -``` -STORAGE_PORT -SSL_STORAGE_PORT -NATIVE_TRANSPORT_PORT -RPC_PORT -``` - -### ServiceMonitor - -KUDO Cassandra integrates with prometheus-operator by default. The -ServiceMonitor uses the labels kudo.dev/servicemonitor and kudo.dev/instance to -discover the Cassandra pods. - -To disable monitoring, users can start KUDO Cassandra with the parameter -`PROMETHEUS_EXPORTER_ENABLED=false`. Read more information about monitoring in -the [Monitoring](./monitoring.md) section diff --git a/repository/cassandra/3.11/docs/security.md b/repository/cassandra/3.11/docs/security.md deleted file mode 100644 index 8422a2c..0000000 --- a/repository/cassandra/3.11/docs/security.md +++ /dev/null @@ -1,124 +0,0 @@ -# Securing KUDO Cassandra Operator instances - -The KUDO Cassandra operator supports Cassandra’s native transport **encryption** -mechanism. The service provides automation and orchestration to simplify the use -of these important features. For more information on Apache Cassandra’s -security, read the -[security](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/configuration/secureTOC.html) -section of official Apache Cassandra documentation. - -## Encryption - -By default, KUDO Cassandra nodes use the plaintext protocol for its -[Node-to-node](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/configuration/secureSSLNodeToNode.html) -and -[Client-to-node](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/configuration/secureSSLClientToNode.html) -communication. It is recommended to enable the TLS encryption, to secure the -communication between nodes and client. - -### Enabling TLS encryption - -Create the TLS certificate to be used for Cassandra TLS encryptions - -```bash -openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=CassandraCA" -days 365 -``` - -Create a kubernetes TLS secret using the certificate created in previous step - -```bash -kubectl create secret tls cassandra-tls -n kudo-cassandra --cert=tls.crt --key=tls.key -``` - -:warning: Make sure to create the certificate in the same namespace where the -KUDO Cassandra is being installed. - -#### Enabling only Node-to-node communication - -```bash -kubectl kudo install cassandra \ - --instance=cassandra \ - --namespace=kudo-cassandra \ - -p TRANSPORT_ENCRYPTION_ENABLED=true \ - -p TLS_SECRET_NAME=cassandra-tls -``` - -#### Enabling both Node-to-node and Client-to-node communication - -```bash -kubectl kudo install cassandra \ - --instance=cassandra \ - --namespace=kudo-cassandra \ - -p TRANSPORT_ENCRYPTION_ENABLED=true \ - -p TRANSPORT_ENCRYPTION_CLIENT_ENABLED=true \ - -p TLS_SECRET_NAME=cassandra-tls -``` - -The operator also allows you to allow plaintext communication along with -encrypted traffic in Client-to-node communication. - -```bash -kubectl kudo install cassandra \ - --instance=cassandra \ - --namespace=kudo-cassandra \ - -p TRANSPORT_ENCRYPTION_ENABLED=true \ - -p TRANSPORT_ENCRYPTION_CLIENT_ENABLED=true \ - -p TRANSPORT_ENCRYPTION_CLIENT_ALLOW_PLAINTEXT=true \ - -p TLS_SECRET_NAME=cassandra-tls -``` - -#### Enabling only for JMX communication - -By default, KUDO Cassandra nodes only allow JMX connections from localhost. To -enable remote JMX with encryption set `JMX_LOCAL_ONLY` to `false`. - -```bash -kubectl kudo install cassandra \ - --instance=cassandra \ - --namespace=kudo-cassandra \ - -p TLS_SECRET_NAME=cassandra-tls \ - -p JMX_LOCAL_ONLY=false -``` - -Check out the [parameters reference](./parameters.md) for a complete list of all -configurable settings available for KUDO Cassandra security. - -## Authentication and Authorization - -The KUDO Cassandra operator can be configured to authenticate and authorize -access to the Cassandra cluster. The `AUTHENTICATOR` parameter sets the -[authenticator](http://cassandra.apache.org/doc/3.11/operating/security.html#authentication), -the `AUTHORIZER` parameter sets the -[authorizer](http://cassandra.apache.org/doc/3.11/operating/security.html#authorization). - -### Authentication credentials - -Some functionality of the operator use `nodetool`, thus these calls need to be -authenticated as well. With enabled password authentication, create a -[secret](https://kubernetes.io/docs/concepts/configuration/secret/) that -contains the credentials of the user the operator should use and set the -`AUTHENTICATION_SECRET_NAME` parameter accordingly. - -Here's an example of a secret that uses the default cassandra/cassandra -credentials: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: cassandra-credential -type: Opaque -data: - username: Y2Fzc2FuZHJh - password: Y2Fzc2FuZHJh -``` - -Reference this when installing the Cassandra operator with authentication. - -```bash -kubectl kudo install cassandra \ - --instance=cassandra \ - --namespace=kudo-cassandra \ - -p AUTHENTICATOR=PasswordAuthenticator \ - -p AUTHENTICATION_SECRET_NAME=cassandra-credential -``` diff --git a/repository/cassandra/3.11/docs/upgrading.md b/repository/cassandra/3.11/docs/upgrading.md deleted file mode 100644 index 0195c2f..0000000 --- a/repository/cassandra/3.11/docs/upgrading.md +++ /dev/null @@ -1,103 +0,0 @@ -# Upgrade KUDO Cassandra - -This guide explains how to upgrade a running KUDO Cassandra instance to a newer -version of KUDO Cassandra. - -## Pre-conditions - -- KUDO Cassandra instance running -- KUDO CLI installed - -## Steps - -### Preparation - -#### 1. Set the shell variables - -The examples below assume that the instance and namespace names are stored in -the following shell variables. With this assumptions met, you should be able to -copy-paste the commands easily. - -```bash -instance_name=cassandra -namespace_name=default -destination_version=1.0.0 -``` - -#### 2. Verify that the variables are set correctly - -```bash -kubectl get instance $instance_name -n $namespace_name -echo About to upgrade to $destination_version - -``` - -Example output: - -```bash -NAME AGE -cassandra 16h -About to upgrade to 1.0.0 -``` - -#### 3. Verify the state of the KUDO Cassandra instance - -```bash -kubectl kudo plan status --instance=$instance_name -n $namespace_name -``` - -In the output note if: - -- the current `Operator-Version` matches your expectation, and -- deploy plan is `COMPLETE` - -Example output: - -```text -Plan(s) for "cassandra" in namespace "default": -. -└── cassandra (Operator-Version: "cassandra-1.0.0" Active-Plan: "deploy") - └── Plan deploy (serial strategy) [COMPLETE] - └── Phase nodes (parallel strategy) [COMPLETE] - └── Step node [COMPLETE] - -``` - -### Upgrade - -```bash -kubectl kudo upgrade cassandra -n $namespace_name --instance=$instance_name --operator-version=$destination_version -``` - -Example output: - -```text -operatorversion.kudo.dev/v1beta1/cassandra-1.0.0 created -instance.kudo.dev/v1beta1/cassandra updated -``` - -### Verification - -Check the plan status: - -```bash -kubectl kudo plan status --instance=$instance_name -n $namespace_name -``` - -Expected output should show: - -- `deploy` plan either `IN_PROGRESS` or `COMPLETE`, and -- the `Operator-Version` to match the destination version. - -```text -Plan(s) for "cassandra" in namespace "default": -. -└── cassandra (Operator-Version: "cassandra-1.0.0" Active-Plan: "deploy") - └── Plan deploy (serial strategy) [IN_PROGRESS] - └── Phase nodes (parallel strategy) [IN_PROGRESS] - └── Step node [IN_PROGRESS] - -``` - -Once the pods are ready (passing readiness and liveness checks), the plan should -change to `COMPLETE`. diff --git a/repository/cassandra/3.11/operator/operator.yaml b/repository/cassandra/3.11/operator/operator.yaml deleted file mode 100644 index 43f761d..0000000 --- a/repository/cassandra/3.11/operator/operator.yaml +++ /dev/null @@ -1,141 +0,0 @@ -apiVersion: kudo.dev/v1beta1 -name: "cassandra" -operatorVersion: "1.0.1" -kudoVersion: "0.15.0-rc1" -kubernetesVersion: "1.16.0" -appVersion: "3.11.6" -maintainers: - - name: Zain Malik - email: zmalik@D2iQ.com - - name: Jan Schlicht - email: jan@D2iQ.com - - name: Andreas Neumann - email: aneumann@D2iQ.com - - name: Marcin Owsiany - email: mowsiany@D2iQ.com - - name: Murilo Pereira - email: murilo@murilopereira.com -url: http://cassandra.apache.org/ - -tasks: - - name: node - kind: Apply - spec: - resources: - - service.yaml - - tls-store-credentials.yaml - - generate-cassandra-yaml.yaml - - cassandra-topology.yaml - - cassandra-role-sa.yaml - - cassandra-env-sh.yaml - - jvm-options.yaml - - node-scripts.yaml - - generate-tls-artifacts-sh.yaml - - generate-cqlshrc-sh.yaml - - pdb.yaml - - generate-nodetool-ssl-properties.yaml - - stateful-set.yaml - - name: ext-service - kind: Toggle - spec: - parameter: EXTERNAL_SERVICE - resources: - - external-service.yaml - - name: monitor-deploy - kind: Toggle - spec: - parameter: PROMETHEUS_EXPORTER_ENABLED - resources: - - service-monitor.yaml - - cassandra-exporter-config-yml.yaml - - name: backup-deploy - kind: Toggle - spec: - parameter: BACKUP_RESTORE_ENABLED - resources: - - medusa-config-ini.yaml - - name: backup-cleanup - kind: Delete - spec: - resources: - - backup-job.yaml - - name: backup-node - kind: Apply - spec: - resources: - - backup-job.yaml - - name: recovery-controller - kind: Toggle - spec: - parameter: RECOVERY_CONTROLLER - resources: - - recovery-controller-rbac.yaml - - recovery-controller.yaml - - name: node-resolver-rbac - kind: Toggle - spec: - parameter: SERVICE_ACCOUNT_INSTALL - resources: - - node-resolver-rbac.yaml - - name: node-rbac - kind: Apply - spec: - resources: - - node-rbac.yaml - - name: repair-cleanup - kind: Delete - spec: - resources: - - repair-job.yaml - - name: repair-node - kind: Apply - spec: - resources: - - repair-job.yaml -plans: - deploy: - strategy: serial - phases: - - name: rbac - strategy: parallel - steps: - - name: rbac-deploy - tasks: - - node-rbac - - node-resolver-rbac - - name: nodes - strategy: serial - steps: - - name: pre-node - tasks: - - ext-service - - recovery-controller - - backup-deploy - - monitor-deploy - - name: node - tasks: - - node - repair: - strategy: serial - phases: - - name: repair - strategy: serial - steps: - - name: cleanup - tasks: - - repair-cleanup - - name: repair - tasks: - - repair-node - backup: - strategy: serial - phases: - - name: backup - strategy: serial - steps: - - name: cleanup - tasks: - - backup-cleanup - - name: backup - tasks: - - backup-node diff --git a/repository/cassandra/3.11/operator/params.yaml b/repository/cassandra/3.11/operator/params.yaml deleted file mode 100644 index a4f1cda..0000000 --- a/repository/cassandra/3.11/operator/params.yaml +++ /dev/null @@ -1,1033 +0,0 @@ -apiVersion: kudo.dev/v1beta1 -parameters: - ################################################################################ - ############################### Operator settings ############################## - ################################################################################ - - - name: NODE_COUNT - description: "Number of Cassandra nodes." - default: "3" - - - name: NODE_CPU_MC - description: "CPU request (in millicores) for the Cassandra node containers." - default: "1000" - - - name: NODE_CPU_LIMIT_MC - description: "CPU limit (in millicores) for the Cassandra node containers." - default: "1000" - - - name: NODE_MEM_MIB - description: "Memory request (in MiB) for the Cassandra node containers." - default: "4096" - - - name: NODE_MEM_LIMIT_MIB - description: "Memory limit (in MiB) for the Cassandra node containers." - default: "4096" - - - name: NODE_DISK_SIZE_GIB - description: "Disk size (in GiB) for the Cassandra node containers." - default: "20" - - - name: NODE_STORAGE_CLASS - description: "The storage class to be used in volumeClaimTemplates. By default, it is not required and the default storage class is used." - required: false - - - name: NODE_DOCKER_IMAGE - description: "Cassandra node Docker image." - default: "mesosphere/cassandra:3.11.6-1.0.1" - - - name: NODE_DOCKER_IMAGE_PULL_POLICY - description: "Cassandra node Docker image pull policy." - default: "Always" - - - name: NODE_READINESS_PROBE_INITIAL_DELAY_S - description: "Number of seconds after the container has started before the readiness probe is initiated." - default: "0" - - - name: NODE_READINESS_PROBE_PERIOD_S - description: "How often (in seconds) to perform the readiness probe." - default: "5" - - - name: NODE_READINESS_PROBE_TIMEOUT_S - description: "How long (in seconds) to wait for a readiness probe to succeed." - default: "60" - - - name: NODE_READINESS_PROBE_SUCCESS_THRESHOLD - description: "Minimum consecutive successes for the readiness probe to be considered successful after having failed." - default: "1" - - - name: NODE_READINESS_PROBE_FAILURE_THRESHOLD - description: "When a pod starts and the readiness probe fails, `failure_threshold` attempts will be made before marking the pod as 'unready'." - default: "3" - - - name: NODE_LIVENESS_PROBE_INITIAL_DELAY_S - description: "Number of seconds after the container has started before the liveness probe is initiated." - default: "15" - - - name: NODE_LIVENESS_PROBE_PERIOD_S - description: "How often (in seconds) to perform the liveness probe." - default: "20" - - - name: NODE_LIVENESS_PROBE_TIMEOUT_S - description: "How long (in seconds) to wait for a liveness probe to succeed." - default: "60" - - - name: NODE_LIVENESS_PROBE_SUCCESS_THRESHOLD - description: "Minimum consecutive successes for the liveness probe to be considered successful after having failed." - default: "1" - - - name: NODE_LIVENESS_PROBE_FAILURE_THRESHOLD - description: "When a pod starts and the liveness probe fails, `failure_threshold` attempts will be made before restarting the pod." - default: "3" - - - name: NODE_TOLERATIONS - description: A list of kubernetes tolerations to let pods get scheduled on tainted nodes - type: array - - - name: OVERRIDE_CLUSTER_NAME - description: "Override the name of the Cassandra cluster set by the operator. This shouldn't be explicit set, unless you know what you're doing." - default: "" - - - name: EXTERNAL_SERVICE - displayName: "Main toggle for external access" - description: "Needs to be true for either EXTERNAL_NATIVE_TRANSPORT or EXTERNAL_RPC to work" - default: "false" - - - name: EXTERNAL_NATIVE_TRANSPORT - displayName: "Enable external native transport" - description: "This exposes the Cassandra cluster via an external service so it can be accessed from outside the Kubernetes cluster" - default: "false" - - - name: EXTERNAL_RPC - displayName: "Enable external rpc" - description: "This exposes the Cassandra cluster via an external service so it can be accessed from outside the Kubernetes cluster. Works only if START_RPC is true" - default: "false" - - - name: EXTERNAL_NATIVE_TRANSPORT_PORT - displayName: "External advertised native transport port" - description: "The external port to use for Cassandra native transport protocol." - default: "9042" - - - name: EXTERNAL_RPC_PORT - displayName: "External advertised rpc port" - description: "The external port to use for Cassandra rpc protocol." - default: "9160" - - - name: BOOTSTRAP_TIMEOUT - description: "Timeout for the bootstrap binary to join the cluster with the new IP. Valid time units are 'ns', 'us', 'ms', 's', 'm', 'h'." - default: "12h30m" - - - name: SHUTDOWN_OLD_REACHABLE_NODE - description: "When a node replace is done, try to connect to the old node and shut it down before starting up the old node" - default: false - - - name: JOLOKIA_PORT - description: "The internal port for the Jolokia Agent. This port is not exposed, but can be changed if it conflicts with another port." - default: 7777 - - ################################################################################ - ########################## Backup and Restore settings ######################### - ################################################################################ - - - name: BACKUP_RESTORE_ENABLED - description: "Global flag that enables the medusa sidecar for backups" - default: "false" - - - name: BACKUP_TRIGGER - description: "Trigger parameter to start a backup. Simply needs to be changed from the current value to start a backup" - default: "1" - trigger: backup - - - name: BACKUP_AWS_CREDENTIALS_SECRET - description: If set, can be used to provide the access_key, secret_key and security_token with a secret - required: false - - - name: BACKUP_AWS_S3_BUCKET_NAME - description: The name of the AWS S3 bucket to store the backups - required: false - - - name: BACKUP_AWS_S3_STORAGE_PROVIDER - description: Should be one of the s3_* values from https://github.com/apache/libcloud/blob/trunk/libcloud/storage/types.py - required: false - default: s3_us_west_oregon - - - name: BACKUP_PREFIX - description: A prefix to be used inside the S3 bucket - required: false - - - name: BACKUP_MEDUSA_CPU_MC - description: "CPU request (in millicores) for the Medusa backup containers." - default: "100" - - - name: BACKUP_MEDUSA_CPU_LIMIT_MC - description: "CPU limit (in millicores) for the Medusa backup containers." - default: "500" - - - name: BACKUP_MEDUSA_MEM_MIB - description: "Memory request (in MiB) for the Medusa backup containers." - default: "256" - - - name: BACKUP_MEDUSA_MEM_LIMIT_MIB - description: "Memory limit (in MiB) for the Medusa backup containers." - default: "512" - - - name: BACKUP_MEDUSA_DOCKER_IMAGE - description: "Medusa backup Docker image." - default: "mesosphere/kudo-cassandra-medusa:0.6.0-1.0.1" - - - name: BACKUP_MEDUSA_DOCKER_IMAGE_PULL_POLICY - description: "Medusa backup Docker image pull policy." - default: "Always" - - - name: BACKUP_NAME - description: "The name of the backup to create or restore" - default: "" - - - name: RESTORE_FLAG - description: "If true, a restore is done on installation" - default: "false" - - - name: RESTORE_OLD_NAMESPACE - description: "The namespace from the operator that was used to create the backup" - default: "" - - - name: RESTORE_OLD_NAME - description: "The instance name from the operator that was used to create the backup" - default: "" - - ################################################################################ - ######################### Datacenter and Rack awareness ######################## - ################################################################################ - - - name: NODE_TOPOLOGY - description: "This describes a multi-datacenter setup. When set it has precedence over NODE_COUNT. See docs/multidatacenter.md for more details." - default: - type: array - - - name: NODE_ANTI_AFFINITY - description: "Ensure that every Cassandra node is deployed on separate hosts." - default: "false" - - - name: SERVICE_ACCOUNT_INSTALL - description: "This flag can be set to true to automatic installation of a cluster role, service account and role binding." - default: "false" - - - name: EXTERNAL_SEED_NODES - description: "List of seed nodes external to this instance to add to the cluster. This allows clusters spanning multiple Kubernetes clusters." - default: - type: array - - ################################################################################ - ######################### Prometheus exporter settings ######################### - ################################################################################ - - - name: PROMETHEUS_EXPORTER_ENABLED - description: "A toggle to enable the prometheus metrics exporter." - default: "false" - - - name: PROMETHEUS_EXPORTER_PORT - description: "Prometheus exporter port." - default: "7200" - - - name: PROMETHEUS_EXPORTER_CPU_MC - description: "CPU request (in millicores) for the Prometheus exporter containers." - default: "500" - - - name: PROMETHEUS_EXPORTER_CPU_LIMIT_MC - description: "CPU limit (in millicores) for the Prometheus exporter containers." - default: "1000" - - - name: PROMETHEUS_EXPORTER_MEM_MIB - description: "Memory request (in MiB) for the Prometheus exporter containers." - default: "512" - - - name: PROMETHEUS_EXPORTER_MEM_LIMIT_MIB - description: "Memory limit (in MiB) for the Prometheus exporter containers." - default: "512" - - - name: PROMETHEUS_EXPORTER_DOCKER_IMAGE - description: "Prometheus exporter Docker image." - default: "mesosphere/cassandra-prometheus-exporter:2.3.4-1.0.1" - - - name: PROMETHEUS_EXPORTER_DOCKER_IMAGE_PULL_POLICY - description: "Prometheus exporter Docker image pull policy." - default: "Always" - - - name: PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME - displayName: "custom prometheus configuration configmap name" - description: "The properties present in this configmap will be appended to the prometheus configuration properties" - required: false - - ################################################################################ - ########################### Cassandra node settings ############################ - ################################################################################ - - - name: STORAGE_PORT - description: "The port for inter-node communication." - default: "7000" - - - name: SSL_STORAGE_PORT - description: "The port for inter-node communication over SSL." - default: "7001" - - - name: NATIVE_TRANSPORT_PORT - description: "The port for CQL communication." - default: "9042" - - - name: RPC_PORT - description: "The port for Thrift RPC communication." - default: "9160" - - - name: JMX_PORT - description: "The JMX port that will be used to interface with the Cassandra application." - default: "7199" - - - name: RMI_PORT - description: "The RMI port that will be used to interface with the Cassandra application when TRANSPORT_ENCRYPTION_ENABLED is set." - default: "7299" - - - name: JMX_LOCAL_ONLY - description: "If true, the JMX port will only be opened on localhost and not be available to the cluster" - default: "true" - - - name: TRANSPORT_ENCRYPTION_ENABLED - description: "Enable node-to-node encryption." - default: "false" - - - name: TRANSPORT_ENCRYPTION_CLIENT_ENABLED - description: "Enable client-to-node encryption." - default: "false" - - - name: TRANSPORT_ENCRYPTION_CIPHERS - description: "Comma-separated list of JSSE Cipher Suite Names." - default: "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - - - name: TRANSPORT_ENCRYPTION_CLIENT_ALLOW_PLAINTEXT - description: "Enable Server-Client plaintext communication alongside encrypted traffic." - default: "false" - - - name: TRANSPORT_ENCRYPTION_REQUIRE_CLIENT_AUTH - description: "Enable client certificate authentication on node-to-node transport encryption." - default: "true" - - - name: TRANSPORT_ENCRYPTION_CLIENT_REQUIRE_CLIENT_AUTH - description: "Enable client certificate authentication on client-to-node transport encryption." - default: "true" - - - name: TLS_SECRET_NAME - description: "The TLS secret that contains the self-signed certificate (cassandra.crt) and the private key (cassandra.key). The secret will be mounted as a volume to make the artifacts available." - default: "cassandra-tls" - - - name: NODE_MIN_HEAP_SIZE_MB - description: "The minimum JVM heap size in MB. This has a smart default and doesn't need to be explicitly set." - default: "" - - - name: NODE_MAX_HEAP_SIZE_MB - description: "The maximum JVM heap size in MB. This has a smart default and doesn't need to be explicitly set." - default: "" - - - name: NODE_NEW_GENERATION_HEAP_SIZE_MB - description: "The JVM new generation heap size in MB." - default: "" - - - name: SEED_PROVIDER_CLASS - description: "The class within Cassandra that handles the seed logic." - default: "org.apache.cassandra.locator.SimpleSeedProvider" - - - name: NUM_TOKENS - description: "The number of tokens assigned to each node." - default: "256" - - - name: HINTED_HANDOFF_ENABLED - description: "If true, hinted handoff is enabled for the cluster." - default: "true" - - - name: MAX_HINT_WINDOW_IN_MS - description: "The maximum amount of time, in ms, that hints are generated for an unresponsive node." - default: "10800000" - - - name: HINTED_HANDOFF_THROTTLE_IN_KB - description: "The maximum throttle per delivery thread in KBs per second." - default: "1024" - - - name: MAX_HINTS_DELIVERY_THREADS - description: "The maximum number of delivery threads for hinted handoff." - default: "2" - - - name: BATCHLOG_REPLAY_THROTTLE_IN_KB - description: "The total maximum throttle for replaying failed logged batches in KBs per second." - default: "1024" - - - name: AUTHENTICATOR - description: "Authentication backend, implementing IAuthenticator; used to identify users." - default: "AllowAllAuthenticator" - - - name: AUTHENTICATION_SECRET_NAME - description: "Name of the secret containing the credentials used by the operator when running 'nodetool' for its functionality. Only relevant if AUTHENTICATOR is set to 'PasswordAuthenticator'. The secret needs to have a 'username' and a 'password' entry." - default: "" - - - name: AUTHORIZER - description: "Authorization backend, implementing IAuthorizer; used to limit access/provide permissions." - default: "AllowAllAuthorizer" - - - name: ROLE_MANAGER - description: "Part of the Authentication & Authorization backend that implements IRoleManager to maintain grants and memberships between roles, By default, the value set is Apache Cassandra's out of the box Role Manager: CassandraRoleManager" - default: "CassandraRoleManager" - - - name: ROLES_VALIDITY_IN_MS - description: "Validity period for roles cache; set to 0 to disable" - default: "2000" - - - name: ROLES_UPDATE_INTERVAL_IN_MS - description: "After this interval, cache entries become eligible for refresh. Upon next access, Cassandra schedules an async reload, and returns the old value until the reload completes. If roles_validity_in_ms is non-zero, then this must be also." - default: "" - - - name: CREDENTIALS_VALIDITY_IN_MS - description: " This cache is tightly coupled to the provided PasswordAuthenticator implementation of IAuthenticator. If another IAuthenticator implementation is configured, Cassandra does not use this cache, and these settings have no effect. Set to 0 to disable." - default: "2000" - - - name: CREDENTIALS_UPDATE_INTERVAL_IN_MS - description: "After this interval, cache entries become eligible for refresh. The next time the cache is accessed, the system schedules an asynchronous reload of the cache. Until this cache reload is complete, the cache returns the old values. If credentials_validity_in_ms is nonzero, this property must also be nonzero." - default: "" - - - name: PERMISSIONS_VALIDITY_IN_MS - description: "How many milliseconds permissions in cache remain valid. Fetching permissions can be resource intensive. To disable the cache, set this to 0." - default: "2000" - - - name: PERMISSIONS_UPDATE_INTERVAL_IN_MS - description: "If enabled, sets refresh interval for the permissions cache. After this interval, cache entries become eligible for refresh. On next access, Cassandra schedules an async reload and returns the old value until the reload completes. If permissions_validity_in_ms is nonzero, permissions_update_interval_in_ms must also be non-zero." - default: "" - - - name: PARTITIONER - description: "The partitioner used to distribute rows across the cluster. Murmur3Partitioner is the recommended setting. RandomPartitioner and ByteOrderedPartitioner are supported for legacy applications." - default: "org.apache.cassandra.dht.Murmur3Partitioner" - - - name: KEY_CACHE_SAVE_PERIOD - description: "The duration in seconds that keys are saved in cache. Saved caches greatly improve cold-start speeds and has relatively little effect on I/O." - default: "14400" - - - name: ROW_CACHE_SIZE_IN_MB - description: "Maximum size of the row cache in memory. Row cache can save more time than key_cache_size_in_mb, but is space-intensive because it contains the entire row. Use the row cache only for hot rows or static rows. 0 disables the row cache." - default: "0" - - - name: ROW_CACHE_SAVE_PERIOD - description: "Duration in seconds that rows are saved in cache. 0 disables caching." - default: "0" - - - name: COMMITLOG_SYNC_PERIOD_IN_MS - description: "The number of milliseconds between disk fsync calls." - default: "10000" - - - name: COMMITLOG_SYNC_BATCH_WINDOW_IN_MS - description: "Time to wait between batch fsyncs, if commitlog_sync is in batch mode then default value should be: 2" - default: "" - - - name: COMMITLOG_SEGMENT_SIZE_IN_MB - description: "The size of each commit log segment in Mb." - default: "32" - - - name: CONCURRENT_READS - description: "For workloads with more data than can fit in memory, the bottleneck is reads fetching data from disk. Setting to (16 times the number of drives) allows operations to queue low enough in the stack so that the OS and drives can reorder them." - default: "16" - - - name: CONCURRENT_WRITES - description: "Writes in Cassandra are rarely I/O bound, so the ideal number of concurrent writes depends on the number of CPU cores in your system. The recommended value is 8 times the number of cpu cores." - default: "32" - - - name: CONCURRENT_COUNTER_WRITES - description: "Counter writes read the current values before incrementing and writing them back. The recommended value is (16 times the number of drives) ." - default: "16" - - - name: MEMTABLE_ALLOCATION_TYPE - description: "The type of allocations for the Cassandra memtable. heap_buffers keep all data on the JVM heap. offheap_buffers may reduce heap utilization for large string or binary values. offheap_objects may improve heap size for small integers or UUIDs as well. Both off heap options will increase read latency." - default: "heap_buffers" - - - name: INDEX_SUMMARY_RESIZE_INTERVAL_IN_MINUTES - description: "How frequently index summaries should be re-sampled in minutes. This is done periodically to redistribute memory from the fixed-size pool to SSTables proportional their recent read rates." - default: "60" - - - name: START_NATIVE_TRANSPORT - description: "If true, CQL is enabled." - default: "true" - - - name: START_RPC - description: "If true, Thrift RPC is enabled. This is deprecated but may be necessary for legacy applications." - default: "false" - - - name: RPC_KEEPALIVE - description: "Enables or disables keepalive on client connections (RPC or native)." - default: "true" - - - name: THRIFT_FRAMED_TRANSPORT_SIZE_IN_MB - description: "Frame size (maximum field length) for Thrift." - default: "15" - - - name: TOMBSTONE_WARN_THRESHOLD - description: "The maximum number of tombstones a query can scan before warning." - default: "1000" - - - name: TOMBSTONE_FAILURE_THRESHOLD - description: "The maximum number of tombstones a query can scan before aborting." - default: "100000" - - - name: COLUMN_INDEX_SIZE_IN_KB - description: "The granularity of the index of rows within a partition. For huge rows, decrease this setting to improve seek time. If you use key cache, be careful not to make this setting too large because key cache will be overwhelmed." - default: "64" - - - name: BATCH_SIZE_WARN_THRESHOLD_IN_KB - description: "Warn the operator on a batch size exceeding this value in kilobytes. Caution should be taken on increasing the size of this threshold as it can lead to node instability." - default: "5" - - - name: BATCH_SIZE_FAIL_THRESHOLD_IN_KB - description: "Fail batch sizes exceeding this value in kilobytes. Caution should be taken on increasing the size of this threshold as it can lead to node instability." - default: "50" - - - name: COMPACTION_THROUGHPUT_MB_PER_SEC - description: "Throttles compaction to the specified total throughput across the node. Compaction frequency varies with direct proportion to write throughput and is necessary to limit the SSTable size. The recommended value is 16 to 32 times the rate of write throughput (in MB/second)." - default: "16" - - - name: SSTABLE_PREEMPTIVE_OPEN_INTERVAL_IN_MB - description: "When compacting, the replacement opens SSTables before they are completely written and uses in place of the prior SSTables for any range previously written. This setting helps to smoothly transfer reads between the SSTables by reducing page cache churn and keeps hot rows hot." - default: "50" - - - name: READ_REQUEST_TIMEOUT_IN_MS - description: "The time that the coordinator waits for read operations to complete in ms." - default: "5000" - - - name: RANGE_REQUEST_TIMEOUT_IN_MS - description: "The time that the coordinator waits for range scans complete in ms." - default: "10000" - - - name: WRITE_REQUEST_TIMEOUT_IN_MS - description: "The time that the coordinator waits for write operations to complete in ms." - default: "2000" - - - name: COUNTER_WRITE_REQUEST_TIMEOUT_IN_MS - description: "The time that the coordinator waits for counter write operations to complete in ms." - default: "5000" - - - name: CAS_CONTENTION_TIMEOUT_IN_MS - description: "The time for which the coordinator will retry CAS operations on the same row in ms." - default: "1000" - - - name: TRUNCATE_REQUEST_TIMEOUT_IN_MS - description: "The time that the coordinator waits for truncate operations to complete in ms." - default: "60000" - - - name: REQUEST_TIMEOUT_IN_MS - description: "The default timeout for all other requests in ms." - default: "10000" - - - name: DYNAMIC_SNITCH_UPDATE_INTERVAL_IN_MS - description: "The time, in ms, the snitch will wait before updating node scores." - default: "100" - - - name: DYNAMIC_SNITCH_RESET_INTERVAL_IN_MS - description: "The time, in ms, the snitch will wait before resetting node scores allowing bad nodes to recover." - default: "600000" - - - name: DYNAMIC_SNITCH_BADNESS_THRESHOLD - description: "Sets the performance threshold for dynamically routing client requests away from a poorly performing node." - default: "0.1" - - - name: INTERNODE_COMPRESSION - description: "Controls whether traffic between nodes is compressed. all compresses all traffic. none compresses no traffic. dc compresses between datacenters." - default: "dc" - - - name: MAX_HINTS_FILE_SIZE_IN_MB - description: "The maximum size of the hints file in Mb." - default: "128" - - - name: HINTS_FLUSH_PERIOD_IN_MS - description: "The time, in ms, for the period in which hints are flushed to disk." - default: "10000" - - - name: CONCURRENT_MATERIALIZED_VIEW_WRITES - description: "The maximum number of concurrent writes to materialized views." - default: "32" - - - name: COMMITLOG_TOTAL_SPACE_IN_MB - description: "The total size of the commit log in Mb." - default: "" - - - name: AUTO_SNAPSHOT - description: "Take a snapshot of the data before truncating a keyspace or dropping a table" - default: "true" - - - name: KEY_CACHE_KEYS_TO_SAVE - description: "The number of keys from the key cache to save" - default: "" - - - name: ROW_CACHE_KEYS_TO_SAVE - description: "The number of keys from the row cache to save" - default: "" - - - name: COUNTER_CACHE_KEYS_TO_SAVE - description: "The number of keys from the counter cache to save" - default: "" - - - name: FILE_CACHE_SIZE_IN_MB - description: "The total memory to use for SSTable-reading buffers" - default: "" - - - name: MEMTABLE_HEAP_SPACE_IN_MB - description: "The amount of on-heap memory allocated for memtables" - default: "" - - - name: MEMTABLE_OFFHEAP_SPACE_IN_MB - description: "The total amount of off-heap memory allocated for memtables" - default: "" - - - name: MEMTABLE_CLEANUP_THRESHOLD - description: "The ratio used for automatic memtable flush" - default: "" - - - name: MEMTABLE_FLUSH_WRITERS - description: "The number of memtable flush writer threads" - default: "" - - - name: LISTEN_ON_BROADCAST_ADDRESS - description: "Listen on the address set in broadcast_address property" - default: "" - - - name: INTERNODE_AUTHENTICATOR - description: "The internode authentication backend" - default: "" - - - name: NATIVE_TRANSPORT_MAX_THREADS - description: "The maximum number of thread handling requests" - default: "" - - - name: NATIVE_TRANSPORT_MAX_FRAME_SIZE_IN_MB - description: "The maximum allowed size of a frame" - default: "" - - - name: NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS - description: "The maximum number of concurrent client connections" - default: "" - - - name: NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS_PER_IP - description: "The maximum number of concurrent client connections per source IP address" - default: "" - - - name: RPC_MIN_THREADS - description: "The minimum thread pool size for remote procedure calls" - default: "" - - - name: RPC_MAX_THREADS - description: "The maximum thread pool size for remote procedure calls" - default: "" - - - name: RPC_SEND_BUFF_SIZE_IN_BYTES - description: "The sending socket buffer size in bytes for remote procedure calls" - default: "" - - - name: RPC_RECV_BUFF_SIZE_IN_BYTES - description: "The receiving socket buffer size for remote procedure calls" - default: "" - - - name: CONCURRENT_COMPACTORS - description: "The number of concurrent compaction processes allowed to run simultaneously on a node" - default: "" - - - name: STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC - description: "The maximum throughput of all outbound streaming file transfers on a node" - default: "" - - - name: INTER_DC_STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC - description: "The maximum throughput of all streaming file transfers between datacenters" - default: "" - - - name: STREAMING_KEEP_ALIVE_PERIOD_IN_SECS - description: "Interval to send keep-alive messages. The stream session fails when a keep-alive message is not received for 2 keep-alive cycles." - default: "" - - - name: PHI_CONVICT_THRESHOLD - description: "The sensitivity of the failure detector on an exponential scale" - default: "" - - - name: BUFFER_POOL_USE_HEAP_IF_EXHAUSTED - description: "Allocate on-heap memory when the SSTable buffer pool is exhausted" - default: "" - - - name: DISK_OPTIMIZATION_STRATEGY - description: "The strategy for optimizing disk reads" - default: "" - - - name: MAX_VALUE_SIZE_IN_MB - description: "The maximum size of any value in SSTables" - default: "" - - - name: OTC_COALESCING_STRATEGY - description: "The strategy to use for coalescing network messages. Values can be: fixed, movingaverage, timehorizon, disabled (default)" - default: "" - - - name: UNLOGGED_BATCH_ACROSS_PARTITIONS_WARN_THRESHOLD - description: "Causes Cassandra to log a WARN message on any batches not of type LOGGED that span across more partitions than this limit." - default: "10" - - - name: COMPACTION_LARGE_PARTITION_WARNING_THRESHOLD_MB - description: "Cassandra logs a warning when compacting partitions larger than the set value." - default: "100" - - - name: REQUEST_SCHEDULER - description: "The scheduler to handle incoming client requests according to a defined policy. This scheduler is useful for throttling client requests in single clusters containing multiple keyspaces." - default: "org.apache.cassandra.scheduler.NoScheduler" - - - name: INTER_DC_TCP_NODELAY - description: "Enable this property for inter-datacenter communication." - default: "false" - - - name: TRACETYPE_QUERY_TTL - description: "TTL for different trace types used during logging of the query process." - default: "86400" - - - name: TRACETYPE_REPAIR_TTL - description: "TTL for different trace types used during logging of the repair process." - default: "604800" - - - name: GC_WARN_THRESHOLD_IN_MS - description: "Any GC pause longer than this interval is logged at the WARN level." - default: "1000" - - - name: WINDOWS_TIMER_INTERVAL - description: "The default Windows kernel timer and scheduling resolution is 15.6ms for power conservation. Lowering this value on Windows can provide much tighter latency and better throughput, however some virtualized environments may see a negative performance impact from changing this setting below their system default." - default: "1" - - - name: COUNTER_CACHE_SAVE_PERIOD - description: "the amount of time after which Cassandra saves the counter cache (keys only)." - default: "7200" - - - name: TRICKLE_FSYNC_INTERVAL_IN_KB - description: "The size of the fsync in kilobytes." - default: "10240" - - - name: TRICKLE_FSYNC - description: "When set to true, causes fsync to force the operating system to flush the dirty buffers at the set interval " - default: "false" - - - name: INCREMENTAL_BACKUPS - description: "Backs up data updated since the last snapshot was taken. When enabled, Cassandra creates a hard link to each SSTable flushed or streamed locally in a backups subdirectory of the keyspace data." - default: "false" - - - name: SNAPSHOT_BEFORE_COMPACTION - description: "Enables or disables taking a snapshot before each compaction. A snapshot is useful to back up data when there is a data format change." - default: "false" - - - name: CROSS_NODE_TIMEOUT - description: "operation timeout information exchange between nodes (to accurately measure request timeouts)." - default: "false" - - - name: COMMIT_FAILURE_POLICY - description: "Policy for commit disk failures." - default: "stop" - - - name: KEY_CACHE_SIZE_IN_MB - description: "A global cache setting for the maximum size of the key cache in memory (for all tables). " - default: "" - - - name: COUNTER_CACHE_SIZE_IN_MB - description: "When no value is set, Cassandra uses the smaller of minimum of 2.5% of Heap or 50MB." - default: "" - - - name: COMMITLOG_SYNC - description: "The method that Cassandra uses to acknowledge writes in milliseconds" - default: "periodic" - - - name: INDEX_SUMMARY_CAPACITY_IN_MB - description: "Fixed memory pool size in MB for SSTable index summaries." - default: "" - - - name: RPC_SERVER_TYPE - description: "Cassandra provides three options for the RPC server. sync and hsha performance is about the same, but hsha uses less memory." - default: "sync" - - - name: ENDPOINT_SNITCH - description: "Set to a class that implements the IEndpointSnitch interface. Cassandra uses the snitch to locate nodes and route requests." - default: "SimpleSnitch" - - - name: DISK_FAILURE_POLICY - description: "The policy for how Cassandra responds to disk failure" - default: "stop" - - - name: ENABLE_USER_DEFINED_FUNCTIONS - description: " User defined functions (UDFs) present a security risk, since they are executed on the server side. UDFs are executed in a sandbox to contain the execution of malicious code." - default: "false" - - - name: ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS - description: "Java UDFs are always enabled, if enable_user_defined_functions is true. Enable this option to use UDFs with language javascript or any custom JSR-223 provider. This option has no effect if enable_user_defined_functions is false" - default: "false" - - - name: ENABLE_MATERIALIZED_VIEWS - description: "Enables materialized view creation on this node. Materialized views are considered experimental and are not recommended for production use." - default: "false" - - - name: CDC_ENABLED - description: "Enable / disable CDC functionality on a per-node basis. This modifies the logic used for write path allocation rejection" - default: "false" - - - name: CDC_TOTAL_SPACE_IN_MB - description: "Total space to use for change-data-capture (CDC) logs on disk. " - default: "" - - - name: CDC_FREE_SPACE_CHECK_INTERVAL_MS - description: "Interval between checks for new available space for CDC-tracked tables when the cdc_total_space_in_mb threshold is reached and the CDCCompactor is running behind or experiencing back pressure." - default: "" - - - name: PREPARED_STATEMENTS_CACHE_SIZE_MB - description: "Maximum size of the native protocol prepared statement cache" - default: "" - - - name: THRIFT_PREPARED_STATEMENTS_CACHE_SIZE_MB - description: "Maximum size of the Thrift prepared statement cache. Leave empty if you do not use Thrift." - default: "" - - - name: COLUMN_INDEX_CACHE_SIZE_IN_KB - description: "A threshold for the total size of all index entries for a partition that the database stores in the partition key cache." - default: "2" - - - name: SLOW_QUERY_LOG_TIMEOUT_IN_MS - description: "How long before a node logs slow queries. Select queries that exceed this value generate an aggregated log message to identify slow queries. To disable, set to 0." - default: "500" - - - name: BACK_PRESSURE_ENABLED - description: "Enable for the coordinator to apply the specified back pressure strategy to each mutation that is sent to replicas." - default: "false" - - - name: BACK_PRESSURE_STRATEGY_CLASS_NAME - description: "The back-pressure strategy applied. The default implementation, RateBasedBackPressure, takes three arguments: high ratio, factor, and flow type, and uses the ratio between incoming mutation responses and outgoing mutation requests." - default: "org.apache.cassandra.net.RateBasedBackPressure" - - - name: BACK_PRESSURE_STRATEGY_HIGH_RATIO - description: "When outgoing mutations are below this value, they are rate limited according to the incoming rate decreased by the factor. When above this value, the rate limiting is increased by the factor." - default: "0.9" - - - name: BACK_PRESSURE_STRATEGY_FACTOR - description: "A number between 1 and 10. Increases or decreases rate limiting." - default: "5" - - - name: BACK_PRESSURE_STRATEGY_FLOW - description: "The flow speed to apply rate limiting: FAST - rate limited to the speed of the fastest replica. SLOW - rate limit to the speed of the slowest replica." - default: "FAST" - - - name: ALLOCATE_TOKENS_FOR_KEYSPACE - description: "Triggers automatic allocation of num_tokens tokens for this node. The allocation algorithm attempts to choose tokens in a way that optimizes replicated load over the nodes in the datacenter for the replication strategy used by the specified keyspace." - default: "" - - - name: HINTS_DIRECTORY - description: "Directory where Cassandra should store hints." - default: "" - - - name: COMMITLOG_DIRECTORY - description: "When running on magnetic HDD, this should be a separate spindle than the data directories. If not set, the default directory is $CASSANDRA_HOME/data/commitlog." - default: "" - - - name: CDC_RAW_DIRECTORY - description: "CommitLogSegments are moved to this directory on flush if cdc_enabled: true and the segment contains mutations for a CDC-enabled table" - default: "" - - - name: ROW_CACHE_CLASS_NAME - description: "Row cache implementation class name." - default: "" - - - name: SAVED_CACHES_DIRECTORY - description: "saved caches If not set, the default directory is $CASSANDRA_HOME/data/saved_caches." - default: "" - - - name: INTERNODE_SEND_BUFF_SIZE_IN_BYTES - description: "Set socket buffer size for internode communication Note that when setting this, the buffer size is limited by net.core.wmem_max and when not setting it it is defined by net.ipv4.tcp_wm" - default: "" - - - name: INTERNODE_RECV_BUFF_SIZE_IN_BYTES - description: "Set socket buffer size for internode communication Note that when setting this, the buffer size is limited by net.core.wmem_max and when not setting it it is defined by net.ipv4.tcp_wmem" - default: "" - - - name: GC_LOG_THRESHOLD_IN_MS - description: "GC Pauses greater than 200 ms will be logged at INFO level This threshold can be adjusted to minimize logging if necessary" - default: "" - - - name: OTC_COALESCING_WINDOW_US - description: "How many microseconds to wait for coalescing." - default: "" - - - name: OTC_COALESCING_ENOUGH_COALESCED_MESSAGES - description: "Do not try to coalesce messages if we already got that many messages. This should be more than 2 and less than 128." - default: "" - - - name: OTC_BACKLOG_EXPIRATION_INTERVAL_MS - description: "How many milliseconds to wait between two expiration runs on the backlog (queue) of the OutboundTcpConnection." - default: "" - - - name: REPAIR_SESSION_MAX_TREE_DEPTH - description: "Limits the maximum Merkle tree depth to avoid consuming too much memory during repairs." - default: "" - - - name: ENABLE_SASI_INDEXES - description: "Enables SASI index creation on this node. SASI indexes are considered experimental and are not recommended for production use." - default: "" - - - name: CUSTOM_CASSANDRA_YAML_BASE64 - description: "Base64-encoded Cassandra properties appended to cassandra.yaml." - default: "" - - - name: KUBECTL_VERSION - description: "Version of 'bitnami/kubectl' image. This image is used for some functionality of the operator." - default: "1.18.4" - - ################################################################################ - ################################ JVM Options ################################### - ################################################################################ - - - name: JVM_OPT_AVAILABLE_PROCESSORS - description: "In a multi-instance deployment, multiple Cassandra instances will independently assume that all CPU processors are available to it. This setting allows you to specify a smaller set of processors and perhaps have affinity." - default: "" - - - name: JVM_OPT_JOIN_RING - description: "Set to false to start Cassandra on a node but not have the node join the cluster." - default: "" - - - name: JVM_OPT_LOAD_RING_STATE - description: "Set to false to clear all gossip state for the node on restart. Use when you have changed node information in cassandra.yaml (such as listen_address)." - default: "" - - - name: JVM_OPT_REPLAYLIST - description: "Allow restoring specific tables from an archived commit log." - default: "" - - - name: JVM_OPT_RING_DELAY_MS - description: "Allows overriding of the default RING_DELAY (30000ms), which is the amount of time a node waits before joining the ring." - default: "" - - - name: JVM_OPT_TRIGGERS_DIR - description: "Set the default location for the trigger JARs. (Default: conf/triggers)" - default: "" - - - name: JVM_OPT_WRITE_SURVEY - description: "For testing new compaction and compression strategies. It allows you to experiment with different strategies and benchmark write performance differences without affecting the production workload." - default: "" - - - name: JVM_OPT_DISABLE_AUTH_CACHES_REMOTE_CONFIGURATION - description: "To disable configuration via JMX of auth caches (such as those for credentials, permissions and roles). This will mean those config options can only be set (persistently) in cassandra.yaml and will require a restart for new values to take effect." - default: "" - - - name: JVM_OPT_FORCE_DEFAULT_INDEXING_PAGE_SIZE - description: "To disable dynamic calculation of the page size used when indexing an entire partition (during initial index build/rebuild). If set to true, the page size will be fixed to the default of 10000 rows per page." - default: "" - - - name: JVM_OPT_PREFER_IPV4_STACK - description: "Prefer binding to IPv4 network intefaces (when net.ipv6.bindv6only=1). See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561 (short version: comment out this entry to enable IPv6 support)." - default: "true" - - - name: JVM_OPT_EXPIRATION_DATE_OVERFLOW_POLICY - description: "Defines how to handle INSERT requests with TTL exceeding the maximum supported expiration date." - default: "" - - - name: JVM_OPT_THREAD_PRIORITY_POLICY - description: "allows lowering thread priority without being root on linux - probably not necessary on Windows but doesn't harm anything." - default: "42" - - - name: JVM_OPT_THREAD_STACK_SIZE - description: "Per-thread stack size." - default: "256k" - - - name: JVM_OPT_STRING_TABLE_SIZE - description: "Larger interned string table, for gossip's benefit (CASSANDRA-6410)" - default: "1000003" - - - name: JVM_OPT_SURVIVOR_RATIO - description: "CMS Settings: SurvivorRatio" - default: "8" - - - name: JVM_OPT_MAX_TENURING_THRESHOLD - description: "CMS Settings: MaxTenuringThreshold" - default: "1" - - - name: JVM_OPT_CMS_INITIATING_OCCUPANCY_FRACTION - description: "CMS Settings: CMSInitiatingOccupancyFraction" - default: "75" - - - name: JVM_OPT_CMS_WAIT_DURATION - description: "CMS Settings: CMSWaitDuration" - default: "10000" - - - name: JVM_OPT_NUMBER_OF_GC_LOG_FILES - description: "GC logging options: NumberOfGCLogFiles" - default: "10" - - - name: JVM_OPT_GC_LOG_FILE_SIZE - description: "GC logging options: GCLOGFILESIZE" - default: "10M" - - - name: JVM_OPT_GC_LOG_DIRECTORY - description: "GC logging options: GC_LOG_DIRECTORY" - default: "" - - - name: JVM_OPT_PRINT_FLS_STATISTICS - description: "GC logging options: PrintFLSStatistics" - default: "" - - - name: JVM_OPT_CONC_GC_THREADS - description: "By default, ConcGCThreads is 1/4 of ParallelGCThreads. Setting both to the same value can reduce STW durations." - default: "" - - - name: JVM_OPT_INITIATING_HEAP_OCCUPANCY_PERCENT - description: "Save CPU time on large (>= 16GB) heaps by delaying region scanning until the heap is 70% full. The default in Hotspot 8u40 is 40%." - default: "" - - - name: JVM_OPT_MAX_GC_PAUSE_MILLIS - description: "Main G1GC tunable: lowering the pause target will lower throughput and vise versa." - default: "" - - - name: JVM_OPT_G1R_SET_UPDATING_PAUSE_TIME_PERCENT - description: "Have the JVM do less remembered set work during STW, instead preferring concurrent GC. Reduces p99.9 latency." - default: "" - - - name: CUSTOM_JVM_OPTIONS_BASE64 - description: "Base64-encoded JVM options appended to jvm.options." - default: "" - - - name: POD_MANAGEMENT_POLICY - description: "podManagementPolicy of the Cassandra Statefulset" - default: "OrderedReady" - - ################################################################################ - ################################ Repair options ################################ - ################################################################################ - - - name: REPAIR_POD - description: "Name of the pod on which 'nodetool repair' should be run." - default: "" - trigger: repair - - ################################################################################ - ################################ Repair options ################################ - ################################################################################ - - - name: RECOVERY_CONTROLLER - displayName: "Enables or disables the recovery controller" - description: "Needs to be true for automatic failure recovery and node eviction" - default: "false" - - - name: RECOVERY_CONTROLLER_DOCKER_IMAGE - description: "Recovery controller Docker image." - default: "mesosphere/kudo-cassandra-recovery:0.0.2-1.0.1" - - - name: RECOVERY_CONTROLLER_DOCKER_IMAGE_PULL_POLICY - description: "Recovery controller Docker image pull policy." - default: "Always" - - - name: RECOVERY_CONTROLLER_CPU_MC - description: "CPU request (in millicores) for the Recovery controller container." - default: "50" - - - name: RECOVERY_CONTROLLER_CPU_LIMIT_MC - description: "CPU limit (in millicores) for the Recovery controller container." - default: "200" - - - name: RECOVERY_CONTROLLER_MEM_MIB - description: "Memory request (in MiB) for the Recovery controller container." - default: "50" - - - name: RECOVERY_CONTROLLER_MEM_LIMIT_MIB - description: "Memory limit (in MiB) for the Recovery controller container." - default: "256" diff --git a/repository/cassandra/3.11/operator/templates/backup-job.yaml b/repository/cassandra/3.11/operator/templates/backup-job.yaml deleted file mode 100644 index 91b1c31..0000000 --- a/repository/cassandra/3.11/operator/templates/backup-job.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ range $i, $v := until (int .Params.NODE_COUNT) }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: backup-node-{{ $v }} -spec: - backoffLimit: 0 - template: - spec: - serviceAccountName: {{ $.Name }}-sa - containers: - - name: backup - image: bitnami/kubectl:{{ $.Params.KUBECTL_VERSION }} - command: - - bash - - -c - args: - - kubectl -n {{ $.Namespace }} exec {{ $.Name }}-node-{{ $v }} --container medusa-backup -- python3 /usr/local/bin/medusa backup --backup-name {{ $.Params.BACKUP_NAME }} - restartPolicy: Never -{{ end }} \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/cassandra-env-sh.yaml b/repository/cassandra/3.11/operator/templates/cassandra-env-sh.yaml deleted file mode 100644 index cdf82c2..0000000 --- a/repository/cassandra/3.11/operator/templates/cassandra-env-sh.yaml +++ /dev/null @@ -1,330 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-cassandra-env-sh - namespace: {{ .Namespace }} -data: - cassandra-env.sh: | - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - - calculate_heap_sizes() - { - case "`uname`" in - Linux) - system_memory_in_mb=`free -m | awk '/:/ {print $2;exit}'` - system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo` - ;; - FreeBSD) - system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'` - system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` - system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` - ;; - SunOS) - system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'` - system_cpu_cores=`psrinfo | wc -l` - ;; - Darwin) - system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'` - system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` - system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` - ;; - *) - # assume reasonable defaults for e.g. a modern desktop or - # cheap server - system_memory_in_mb="2048" - system_cpu_cores="2" - ;; - esac - - # some systems like the raspberry pi don't report cores, use at least 1 - if [ "$system_cpu_cores" -lt "1" ] - then - system_cpu_cores="1" - fi - - # set max heap size based on the following - # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB)) - # calculate 1/2 ram and cap to 1024MB - # calculate 1/4 ram and cap to 8192MB - # pick the max - half_system_memory_in_mb=`expr $system_memory_in_mb / 2` - quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2` - if [ "$half_system_memory_in_mb" -gt "1024" ] - then - half_system_memory_in_mb="1024" - fi - if [ "$quarter_system_memory_in_mb" -gt "8192" ] - then - quarter_system_memory_in_mb="8192" - fi - if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ] - then - max_heap_size_in_mb="$half_system_memory_in_mb" - else - max_heap_size_in_mb="$quarter_system_memory_in_mb" - fi - MAX_HEAP_SIZE="${max_heap_size_in_mb}M" - - # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size) - max_sensible_yg_per_core_in_mb="100" - max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores` - - desired_yg_in_mb=`expr $max_heap_size_in_mb / 4` - - if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ] - then - HEAP_NEWSIZE="${max_sensible_yg_in_mb}M" - else - HEAP_NEWSIZE="${desired_yg_in_mb}M" - fi - } - - # Determine the sort of JVM we'll be running on. - java_ver_output=`"${JAVA:-java}" -version 2>&1` - jvmver=`echo "$java_ver_output" | grep '[openjdk|java] version' | awk -F'"' 'NR==1 {print $2}' | cut -d\- -f1` - JVM_VERSION=${jvmver%_*} - JVM_PATCH_VERSION=${jvmver#*_} - - if [ "$JVM_VERSION" \< "1.8" ] ; then - echo "Cassandra 3.0 and later require Java 8u40 or later." - exit 1; - fi - - if [ "$JVM_VERSION" \< "1.8" ] && [ "$JVM_PATCH_VERSION" -lt 40 ] ; then - echo "Cassandra 3.0 and later require Java 8u40 or later." - exit 1; - fi - - jvm=`echo "$java_ver_output" | grep -A 1 '[openjdk|java] version' | awk 'NR==2 {print $1}'` - case "$jvm" in - OpenJDK) - JVM_VENDOR=OpenJDK - # this will be "64-Bit" or "32-Bit" - JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $2}'` - ;; - "Java(TM)") - JVM_VENDOR=Oracle - # this will be "64-Bit" or "32-Bit" - JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $3}'` - ;; - *) - # Help fill in other JVM values - JVM_VENDOR=other - JVM_ARCH=unknown - ;; - esac - - #GC log path has to be defined here because it needs to access CASSANDRA_HOME - JVM_OPTS="$JVM_OPTS -Xloggc:${CASSANDRA_HOME}/logs/gc.log" - - # Here we create the arguments that will get passed to the jvm when - # starting cassandra. - - # Read user-defined JVM options from jvm.options file - JVM_OPTS_FILE=$CASSANDRA_CONF/jvm.options - for opt in `grep "^-" $JVM_OPTS_FILE` - do - JVM_OPTS="$JVM_OPTS $opt" - done - - # Check what parameters were defined on jvm.options file to avoid conflicts - echo $JVM_OPTS | grep -q Xmn - DEFINED_XMN=$? - echo $JVM_OPTS | grep -q Xmx - DEFINED_XMX=$? - echo $JVM_OPTS | grep -q Xms - DEFINED_XMS=$? - echo $JVM_OPTS | grep -q UseConcMarkSweepGC - USING_CMS=$? - echo $JVM_OPTS | grep -q UseG1GC - USING_G1=$? - - # Override these to set the amount of memory to allocate to the JVM at - # start-up. For production use you may wish to adjust this for your - # environment. MAX_HEAP_SIZE is the total amount of memory dedicated - # to the Java heap. HEAP_NEWSIZE refers to the size of the young - # generation. Both MAX_HEAP_SIZE and HEAP_NEWSIZE should be either set - # or not (if you set one, set the other). - # - # The main trade-off for the young generation is that the larger it - # is, the longer GC pause times will be. The shorter it is, the more - # expensive GC will be (usually). - # - # The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause - # times. If in doubt, and if you do not particularly want to tweak, go with - # 100 MB per physical CPU core. - - #MAX_HEAP_SIZE="4G" - #HEAP_NEWSIZE="800M" - - # Set this to control the amount of arenas per-thread in glibc - #export MALLOC_ARENA_MAX=4 - - # only calculate the size if it's not set manually - if [ "x$MAX_HEAP_SIZE" = "x" ] && [ "x$HEAP_NEWSIZE" = "x" -o $USING_G1 -eq 0 ]; then - calculate_heap_sizes - elif [ "x$MAX_HEAP_SIZE" = "x" ] || [ "x$HEAP_NEWSIZE" = "x" -a $USING_G1 -ne 0 ]; then - echo "please set or unset MAX_HEAP_SIZE and HEAP_NEWSIZE in pairs when using CMS GC (see cassandra-env.sh)" - exit 1 - fi - - if [ "x$MALLOC_ARENA_MAX" = "x" ] ; then - export MALLOC_ARENA_MAX=4 - fi - - # We only set -Xms and -Xmx if they were not defined on jvm.options file - # If defined, both Xmx and Xms should be defined together. - if [ $DEFINED_XMX -ne 0 ] && [ $DEFINED_XMS -ne 0 ]; then - JVM_OPTS="$JVM_OPTS -Xms${MAX_HEAP_SIZE}" - JVM_OPTS="$JVM_OPTS -Xmx${MAX_HEAP_SIZE}" - elif [ $DEFINED_XMX -ne 0 ] || [ $DEFINED_XMS -ne 0 ]; then - echo "Please set or unset -Xmx and -Xms flags in pairs on jvm.options file." - exit 1 - fi - - # We only set -Xmn flag if it was not defined in jvm.options file - # and if the CMS GC is being used - # If defined, both Xmn and Xmx should be defined together. - if [ $DEFINED_XMN -eq 0 ] && [ $DEFINED_XMX -ne 0 ]; then - echo "Please set or unset -Xmx and -Xmn flags in pairs on jvm.options file." - exit 1 - elif [ $DEFINED_XMN -ne 0 ] && [ $USING_CMS -eq 0 ]; then - JVM_OPTS="$JVM_OPTS -Xmn${HEAP_NEWSIZE}" - fi - - if [ "$JVM_ARCH" = "64-Bit" ] && [ $USING_CMS -eq 0 ]; then - JVM_OPTS="$JVM_OPTS -XX:+UseCondCardMark" - fi - - # provides hints to the JIT compiler - JVM_OPTS="$JVM_OPTS -XX:CompileCommandFile=$CASSANDRA_CONF/hotspot_compiler" - - # add the jamm javaagent - JVM_OPTS="$JVM_OPTS -javaagent:$CASSANDRA_HOME/lib/jamm-0.3.0.jar" - - # add jolokia - JVM_OPTS="$JVM_OPTS -javaagent:/etc/jolokia-agent.jar=port={{ $.Params.JOLOKIA_PORT }},host=localhost" - - # set jvm HeapDumpPath with CASSANDRA_HEAPDUMP_DIR - if [ "x$CASSANDRA_HEAPDUMP_DIR" != "x" ]; then - JVM_OPTS="$JVM_OPTS -XX:HeapDumpPath=$CASSANDRA_HEAPDUMP_DIR/cassandra-`date +%s`-pid$$.hprof" - fi - - # stop the jvm on OutOfMemoryError as it can result in some data corruption - # uncomment the preferred option - # ExitOnOutOfMemoryError and CrashOnOutOfMemoryError require a JRE greater or equals to 1.7 update 101 or 1.8 update 92 - # For OnOutOfMemoryError we cannot use the JVM_OPTS variables because bash commands split words - # on white spaces without taking quotes into account - # JVM_OPTS="$JVM_OPTS -XX:+ExitOnOutOfMemoryError" - # JVM_OPTS="$JVM_OPTS -XX:+CrashOnOutOfMemoryError" - JVM_ON_OUT_OF_MEMORY_ERROR_OPT="-XX:OnOutOfMemoryError=kill -9 %p" - - # print an heap histogram on OutOfMemoryError - # JVM_OPTS="$JVM_OPTS -Dcassandra.printHeapHistogramOnOutOfMemoryError=true" - - # jmx: metrics and administration interface - # - # add this if you're having trouble connecting: - # JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=" - # - # see - # https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole - # for more on configuring JMX through firewalls, etc. (Short version: - # get it working with no firewall first.) - - # Specifies the default port over which Cassandra will be available for - # JMX connections. - # For security reasons, you should not expose this port to the internet. Firewall it if needed. - JMX_PORT="{{ .Params.JMX_PORT }}" - RMI_PORT="{{ .Params.RMI_PORT }}" - - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.local.only=false" - #JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=$POD_NAME.{{ .Name }}-svc.$POD_NAMESPACE.svc.cluster.local" - JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=$POD_IP" - - JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.port=$JMX_PORT" - # if ssl is enabled the same port cannot be used for both jmx and rmi so either - # pick another value for this property or comment out to use a random port (though see CASSANDRA-7087 for origins) - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$RMI_PORT" - - # turn on JMX authentication. See below for further options - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" - - set +x - readonly truststore_password=$(cat /etc/cassandra/truststore/truststore_password) - readonly keystore_password=$(cat /etc/cassandra/truststore/keystore_password) - - # jmx ssl options - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true" - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true" - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2" - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites={{ .Params.TRANSPORT_ENCRYPTION_CIPHERS }}" - JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/etc/cassandra/tls/cassandra.server.keystore.jks" - JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=${keystore_password}" - JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/etc/cassandra/tls/cassandra.server.truststore.jks" - JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=${truststore_password}" - {{ else }} - JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT" - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" - {{ end }} - - # jmx authentication and authorization options. By default, auth is only - # activated for remote connections but they can also be enabled for local only JMX - ## Basic file based authn & authz - JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" - #JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access" - ## Custom auth settings which can be used as alternatives to JMX's out of the box auth utilities. - ## JAAS login modules can be used for authentication by uncommenting these two properties. - ## Cassandra ships with a LoginModule implementation - org.apache.cassandra.auth.CassandraLoginModule - - ## which delegates to the IAuthenticator configured in cassandra.yaml. See the sample JAAS configuration - ## file cassandra-jaas.config - #JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin" - #JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_CONF/cassandra-jaas.config" - - ## Cassandra also ships with a helper for delegating JMX authz calls to the configured IAuthorizer, - ## uncomment this to use it. Requires one of the two authentication options to be enabled - #JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy" - - # To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/ - # directory. - # See http://cassandra.apache.org/doc/3.11/operating/metrics.html#jmx - # By default mx4j listens on 0.0.0.0:8081. Uncomment the following lines - # to control its listen address and port. - #MX4J_ADDRESS="-Dmx4jaddress=127.0.0.1" - #MX4J_PORT="-Dmx4jport=8081" - - # Cassandra uses SIGAR to capture OS metrics CASSANDRA-7838 - # for SIGAR we have to set the java.library.path - # to the location of the native libraries. - JVM_OPTS="$JVM_OPTS -Djava.library.path=$CASSANDRA_HOME/lib/sigar-bin" - - JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS" - JVM_OPTS="$JVM_OPTS $MX4J_PORT" - JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS" - - # This is used in case of a restore. The restore init container saves the token map in this location - if [ -f /var/lib/cassandra/token_map ]; then - INITIAL_TOKENS=`cat /var/lib/cassandra/token_map` - JVM_OPTS="$JVM_OPTS -Dcassandra.initial_token=$INITIAL_TOKENS" - fi - - if [ -s /var/lib/cassandra/replace.ip ]; then - replace_ip=$(cat /var/lib/cassandra/replace.ip); - echo "File replace.ip found with IP:${replace_ip}"; - JVM_OPTS="$JVM_OPTS -Dcassandra.replace_address=${replace_ip}" - fi; diff --git a/repository/cassandra/3.11/operator/templates/cassandra-exporter-config-yml.yaml b/repository/cassandra/3.11/operator/templates/cassandra-exporter-config-yml.yaml deleted file mode 100644 index 1e6c5b4..0000000 --- a/repository/cassandra/3.11/operator/templates/cassandra-exporter-config-yml.yaml +++ /dev/null @@ -1,86 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-cassandra-exporter-config-yml - namespace: {{ .Namespace }} -data: - setup.sh: | - cp /cassandra-exporter-config/config.yml /etc/cassandra_exporter/config.yml; - {{ if .Params.PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME }} - PROMETHEUS_CUSTOM_CONFIGURATION_FILE=$(ls -d /custom-configuration/* | head -n 1); - cp $PROMETHEUS_CUSTOM_CONFIGURATION_FILE /tmp/custom-configuration; - echo "Appending custom configuration file to the config.yml..." | xargs -L 1 echo $(date +'[%Y-%m-%d %H:%M:%S,%3N]') $1; - skip_properties=("host" "listenAddress" "listenPort" "user" "password" "ssl"); - for property in "${skip_properties[@]}"; do - if grep -q "${property}:" /tmp/custom-configuration; then - echo "WARN: cannot override '$property' using custom properties configmap."; - echo "Removing property '$property'"; - sed -i "/^${property}:/d" /tmp/custom-configuration; - fi; - done; - CUSTOM_CONFIGURATION=$(cat /tmp/custom-configuration); - echo ${CUSTOM_CONFIGURATION}; - printf "\n${CUSTOM_CONFIGURATION}" >> /etc/cassandra_exporter/config.yml; - {{ end }} - config.yml: | - host: localhost:{{ .Params.JMX_PORT }} - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - ssl: True - {{ else }} - ssl: False - {{ end }} - user: - password: - listenAddress: 0.0.0.0 - listenPort: {{ .Params.PROMETHEUS_EXPORTER_PORT }} - blacklist: - # To profile the duration of jmx call you can start the program with the following options - # > java -Dorg.slf4j.simpleLogger.defaultLogLevel=trace -jar cassandra_exporter.jar config.yml --oneshot - # - # To get intuition of what is done by cassandra when something is called you can look in cassandra - # https://github.com/apache/cassandra/tree/trunk/src/java/org/apache/cassandra/metrics - # Please avoid to scrape frequently those calls that are iterating over all sstables - - # Unaccessible metrics (not enough privilege) - - java:lang:memorypool:.*usagethreshold.* - - # Leaf attributes not interesting for us but that are presents in many path - - .*:999thpercentile - - .*:95thpercentile - - .*:fifteenminuterate - - .*:fiveminuterate - - .*:durationunit - - .*:rateunit - - .*:stddev - - .*:meanrate - - .*:mean - - .*:min - - # Non-interesting metrics - - .*:viewlockacquiretime:.* - - .*:viewreadtime:.* - - .*:cas[a-z]+latency:.* - - .*:colupdatetimedeltahistogram:.* - - # RPC metrics that do not need to be scraped - - org:apache:cassandra:db:.* - - # columnfamily is an alias for Table metrics - # https://github.com/apache/cassandra/blob/8b3a60b9a7dbefeecc06bace617279612ec7092d/src/java/org/apache/cassandra/metrics/TableMetrics.java#L162 - - org:apache:cassandra:metrics:columnfamily:.* - - # Should we export metrics for system keyspaces/tables ? - - org:apache:cassandra:metrics:[^:]+:system[^:]*:.* - - # Don't scrape metrics from Criteo - - com:criteo:nosql:cassandra:exporter:.* - - maxScrapFrequencyInSec: - 50: - - .* - - # Refresh those metrics only every hour as it is costly for cassandra to retrieve them - 3600: - - .*:snapshotssize:.* - - .*:estimated.* - - .*:totaldiskspaceused:.* diff --git a/repository/cassandra/3.11/operator/templates/cassandra-role-sa.yaml b/repository/cassandra/3.11/operator/templates/cassandra-role-sa.yaml deleted file mode 100644 index 7cb552e..0000000 --- a/repository/cassandra/3.11/operator/templates/cassandra-role-sa.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Name }}-binding - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Name }}-role -subjects: - - kind: ServiceAccount - name: {{ .Name }}-sa - namespace: {{ .Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Name }}-sa - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Namespace }} - name: {{ .Name }}-role -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "get", "list"] diff --git a/repository/cassandra/3.11/operator/templates/cassandra-topology.yaml b/repository/cassandra/3.11/operator/templates/cassandra-topology.yaml deleted file mode 100644 index f84a77e..0000000 --- a/repository/cassandra/3.11/operator/templates/cassandra-topology.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-topology-lock - namespace: {{ .Namespace }} -data: \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/external-service.yaml b/repository/cassandra/3.11/operator/templates/external-service.yaml deleted file mode 100644 index 7b0e17d..0000000 --- a/repository/cassandra/3.11/operator/templates/external-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Name }}-svc-external - namespace: {{ .Namespace }} -spec: - type: LoadBalancer - externalTrafficPolicy: Local - selector: - app: {{ .Name }} - kudo.dev/instance: {{ .Name }} - ports: - {{ if eq .Params.EXTERNAL_NATIVE_TRANSPORT "true" }} - - protocol: TCP - name: native-transport - port: {{ .Params.EXTERNAL_NATIVE_TRANSPORT_PORT }} - targetPort: {{ .Params.NATIVE_TRANSPORT_PORT }} - {{ end }} - {{ if and (eq .Params.EXTERNAL_RPC "true") (eq .Params.START_RPC "true") }} - - protocol: TCP - name: rpc - port: {{ .Params.EXTERNAL_RPC_PORT }} - targetPort: {{ .Params.RPC_PORT }} - {{ end }} \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/generate-cassandra-yaml.yaml b/repository/cassandra/3.11/operator/templates/generate-cassandra-yaml.yaml deleted file mode 100644 index f2c36a2..0000000 --- a/repository/cassandra/3.11/operator/templates/generate-cassandra-yaml.yaml +++ /dev/null @@ -1,1449 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-generate-cassandra-yaml - namespace: {{ .Namespace }} -data: - generate-cassandra-yaml.sh: | - #!/usr/bin/env bash - - set -euxo pipefail - - set +x - readonly truststore_password=$(cat /etc/cassandra/truststore/truststore_password) - readonly keystore_password=$(cat /etc/cassandra/truststore/keystore_password) - set -x - - {{- if .Params.NODE_TOPOLOGY }} - {{- $lastTopo := 0 }} - SEEDS="{{- range $dc := $.Params.NODE_TOPOLOGY -}} - {{- range $i, $node := until (int (min 3 $dc.nodes)) -}} - {{- if or $i $lastTopo -}}, {{- end -}} - {{ $.Name }}-{{ $dc.datacenter }}-node-{{ $node }}.{{ $.Name }}-svc.{{ $.Namespace }}.svc.cluster.local - {{- end -}} - {{- $lastTopo = 1 }} - {{- end -}} - {{- range $external := $.Params.EXTERNAL_SEED_NODES -}} - , {{ . }} - {{- end -}}" - {{- else }} - # We have a simple setup and use the first 3 nodes as seed - SEEDS="{{- range $i, $node := until (int (min 3 .Params.NODE_COUNT)) -}} - {{- if $i -}}, {{- end -}} - {{ $.Name }}-node-{{ $node }}.{{ $.Name }}-svc.{{ $.Namespace }}.svc.cluster.local - {{- end -}} - {{- range $external := $.Params.EXTERNAL_SEED_NODES -}} - , {{ . }} - {{- end -}}" - {{- end }} - - {{- if .Params.NODE_TOPOLOGY }} - NODE_ZERO={{ $.Name }}-{{ (index $.Params.NODE_TOPOLOGY 0).datacenter }}-node-0 - {{- else }} - NODE_ZERO={{ $.Name }}-node-0 - {{- end }} - - HOSTNAME=${POD_NAME}.{{ .Name }}-svc.{{ .Namespace }}.svc.cluster.local - - # Every node except the very first one shouldn't see themselves as a seed node on startup - if [ "${POD_NAME}" != "${NODE_ZERO}" ]; then - echo "No system data directory found, we need to bootstrap and can't be a seed node at the moment"; - SEEDS=`echo $SEEDS | sed -E 's/'"$HOSTNAME"',?//'` - fi; - - # When replacing a node, the new node should not be a seed node either. This applies to the very first node as well - if [ -s /var/lib/cassandra/replace.ip ]; then - echo "File replace.ip found, we are in replacement mode and have to remove our own host from seed list"; - SEEDS=`echo $SEEDS | sed -E 's/'"$HOSTNAME"',?//'` - fi; - set +x - - # Remove trailing comma if there is one - SEEDS=`echo $SEEDS | sed -E 's/,?$//'` - - echo "Seedlist is now: $SEEDS" - - cat < /etc/cassandra/cassandra.yaml - # Cassandra storage config YAML - - # NOTE: - # See http://wiki.apache.org/cassandra/StorageConfiguration for - # full explanations of configuration directives - # /NOTE - - # The name of the cluster. This is mainly used to prevent machines in - # one logical cluster from joining another. - {{ if .Params.OVERRIDE_CLUSTER_NAME }} - cluster_name: '{{ .Params.OVERRIDE_CLUSTER_NAME }}' - {{ else }} - # TODO(mpereira): does it make sense to prepend the Kubernetes namespace to - # the Cassandra cluster name? - cluster_name: '{{ .Name }}' - {{ end }} - - # This defines the number of tokens randomly assigned to this node on the ring - # The more tokens, relative to other nodes, the larger the proportion of data - # that this node will store. You probably want all nodes to have the same number - # of tokens assuming they have equal hardware capability. - # - # If you leave this unspecified, Cassandra will use the default of 1 token for legacy compatibility, - # and will use the initial_token as described below. - # - # Specifying initial_token will override this setting on the node's initial start, - # on subsequent starts, this setting will apply even if initial token is set. - # - # If you already have a cluster with 1 token per node, and wish to migrate to - # multiple tokens per node, see http://wiki.apache.org/cassandra/Operations - num_tokens: {{ .Params.NUM_TOKENS }} - - # Triggers automatic allocation of num_tokens tokens for this node. The allocation - # algorithm attempts to choose tokens in a way that optimizes replicated load over - # the nodes in the datacenter for the replication strategy used by the specified - # keyspace. - # - # The load assigned to each node will be close to proportional to its number of - # vnodes. - # - # Only supported with the Murmur3Partitioner. - {{ if .Params.ALLOCATE_TOKENS_FOR_KEYSPACE }} - allocate_tokens_for_keyspace: {{ .Params.ALLOCATE_TOKENS_FOR_KEYSPACE }} - {{ end }} - - # initial_token allows you to specify tokens manually. While you can use it with - # vnodes (num_tokens > 1, above) -- in which case you should provide a - # comma-separated list -- it's primarily used when adding nodes to legacy clusters - # that do not have vnodes enabled. - # - # NOTE(mpereira): "initial_token" should be set on a per-node basis, so it - # doesn't make sense to expose it as an operator setting. Maybe we'll - # somehow support this more officially in the future. For now we'll leave it - # commented out. - # - # initial_token: ... - - # See http://wiki.apache.org/cassandra/HintedHandoff - # May either be "true" or "false" to enable globally - hinted_handoff_enabled: {{ .Params.HINTED_HANDOFF_ENABLED }} - - # When hinted_handoff_enabled is true, a black list of data centers that will not - # perform hinted handoff - # - # TODO(mpereira): expose this setting when we add multi-datacenter support. - # hinted_handoff_disabled_datacenters: - # - DC1 - # - DC2 - - # this defines the maximum amount of time a dead host will have hints - # generated. After it has been dead this long, new hints for it will not be - # created until it has been seen alive and gone down again. - max_hint_window_in_ms: {{ .Params.MAX_HINT_WINDOW_IN_MS }} - - # Maximum throttle in KBs per second, per delivery thread. This will be - # reduced proportionally to the number of nodes in the cluster. (If there - # are two nodes in the cluster, each delivery thread will use the maximum - # rate; if there are three, each will throttle to half of the maximum, - # since we expect two nodes to be delivering hints simultaneously.) - hinted_handoff_throttle_in_kb: {{ .Params.HINTED_HANDOFF_THROTTLE_IN_KB }} - - # Number of threads with which to deliver hints; - # Consider increasing this number when you have multi-dc deployments, since - # cross-dc handoff tends to be slower - max_hints_delivery_threads: {{ .Params.MAX_HINTS_DELIVERY_THREADS }} - - # Directory where Cassandra should store hints. - # If not set, the default directory is \$CASSANDRA_HOME/data/hints. - {{ if .Params.HINTS_DIRECTORY }} - hints_directory: {{ .Params.HINTS_DIRECTORY }} - {{ end }} - - # How often hints should be flushed from the internal buffers to disk. - # Will *not* trigger fsync. - hints_flush_period_in_ms: {{ .Params.HINTS_FLUSH_PERIOD_IN_MS }} - - # Maximum size for a single hints file, in megabytes. - max_hints_file_size_in_mb: {{ .Params.MAX_HINTS_FILE_SIZE_IN_MB }} - - # Compression to apply to the hint files. If omitted, hints files - # will be written uncompressed. LZ4, Snappy, and Deflate compressors - # are supported. - # hints_compression: - # - class_name: LZ4Compressor - # parameters: - # - ... - - # Maximum throttle in KBs per second, total. This will be - # reduced proportionally to the number of nodes in the cluster. - batchlog_replay_throttle_in_kb: {{ .Params.BATCHLOG_REPLAY_THROTTLE_IN_KB }} - - # Authentication backend, implementing IAuthenticator; used to identify users - # Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthenticator, - # PasswordAuthenticator}. - # - # - AllowAllAuthenticator performs no checks - set it to disable authentication. - # - PasswordAuthenticator relies on username/password pairs to authenticate - # users. It keeps usernames and hashed passwords in system_auth.roles table. - # Please increase system_auth keyspace replication factor if you use this authenticator. - # If using PasswordAuthenticator, CassandraRoleManager must also be used (see below) - authenticator: {{ .Params.AUTHENTICATOR }} - - # Authorization backend, implementing IAuthorizer; used to limit access/provide permissions - # Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthorizer, - # CassandraAuthorizer}. - # - # - AllowAllAuthorizer allows any action to any user - set it to disable authorization. - # - CassandraAuthorizer stores permissions in system_auth.role_permissions table. Please - # increase system_auth keyspace replication factor if you use this authorizer. - authorizer: {{ .Params.AUTHORIZER }} - - # Part of the Authentication & Authorization backend, implementing IRoleManager; used - # to maintain grants and memberships between roles. - # Out of the box, Cassandra provides org.apache.cassandra.auth.CassandraRoleManager, - # which stores role information in the system_auth keyspace. Most functions of the - # IRoleManager require an authenticated login, so unless the configured IAuthenticator - # actually implements authentication, most of this functionality will be unavailable. - # - # - CassandraRoleManager stores role data in the system_auth keyspace. Please - # increase system_auth keyspace replication factor if you use this role manager. - role_manager: {{ .Params.ROLE_MANAGER }} - - # Validity period for roles cache (fetching granted roles can be an expensive - # operation depending on the role manager, CassandraRoleManager is one example) - # Granted roles are cached for authenticated sessions in AuthenticatedUser and - # after the period specified here, become eligible for (async) reload. - # Defaults to 2000, set to 0 to disable caching entirely. - # Will be disabled automatically for AllowAllAuthenticator. - roles_validity_in_ms: {{ .Params.ROLES_VALIDITY_IN_MS }} - - # Refresh interval for roles cache (if enabled). - # After this interval, cache entries become eligible for refresh. Upon next - # access, an async reload is scheduled and the old value returned until it - # completes. If roles_validity_in_ms is non-zero, then this must be - # also. - # Defaults to the same value as roles_validity_in_ms. - {{ if .Params.ROLES_UPDATE_INTERVAL_IN_MS }} - roles_update_interval_in_ms: {{ .Params.ROLES_UPDATE_INTERVAL_IN_MS }} - {{ end }} - - # Validity period for permissions cache (fetching permissions can be an - # expensive operation depending on the authorizer, CassandraAuthorizer is - # one example). Defaults to 2000, set to 0 to disable. - # Will be disabled automatically for AllowAllAuthorizer. - permissions_validity_in_ms: {{ .Params.PERMISSIONS_VALIDITY_IN_MS }} - - # Refresh interval for permissions cache (if enabled). - # After this interval, cache entries become eligible for refresh. Upon next - # access, an async reload is scheduled and the old value returned until it - # completes. If permissions_validity_in_ms is non-zero, then this must be - # also. - # Defaults to the same value as permissions_validity_in_ms. - {{ if .Params.PERMISSIONS_UPDATE_INTERVAL_IN_MS }} - permissions_update_interval_in_ms: {{ .Params.PERMISSIONS_UPDATE_INTERVAL_IN_MS }} - {{ end }} - - # Validity period for credentials cache. This cache is tightly coupled to - # the provided PasswordAuthenticator implementation of IAuthenticator. If - # another IAuthenticator implementation is configured, this cache will not - # be automatically used and so the following settings will have no effect. - # Please note, credentials are cached in their encrypted form, so while - # activating this cache may reduce the number of queries made to the - # underlying table, it may not bring a significant reduction in the - # latency of individual authentication attempts. - # Defaults to 2000, set to 0 to disable credentials caching. - credentials_validity_in_ms: {{ .Params.CREDENTIALS_VALIDITY_IN_MS }} - - # Refresh interval for credentials cache (if enabled). - # After this interval, cache entries become eligible for refresh. Upon next - # access, an async reload is scheduled and the old value returned until it - # completes. If credentials_validity_in_ms is non-zero, then this must be - # also. - # Defaults to the same value as credentials_validity_in_ms. - {{ if .Params.CREDENTIALS_UPDATE_INTERVAL_IN_MS }} - credentials_update_interval_in_ms: {{ .Params.CREDENTIALS_UPDATE_INTERVAL_IN_MS }} - {{ end }} - - # The partitioner is responsible for distributing groups of rows (by - # partition key) across nodes in the cluster. You should leave this - # alone for new clusters. The partitioner can NOT be changed without - # reloading all data, so when upgrading you should set this to the - # same partitioner you were already using. - # - # Besides Murmur3Partitioner, partitioners included for backwards - # compatibility include RandomPartitioner, ByteOrderedPartitioner, and - # OrderPreservingPartitioner. - # - partitioner: {{ .Params.PARTITIONER }} - - # Directories where Cassandra should store data on disk. Cassandra - # will spread data evenly across them, subject to the granularity of - # the configured compaction strategy. - # If not set, the default directory is \$CASSANDRA_HOME/data/data. - # - # This needs to be set to a valid value for medusa to work - data_file_directories: - - /var/lib/cassandra/data - - # commit log. when running on magnetic HDD, this should be a - # separate spindle than the data directories. - # - # This needs to be set to a valid value for medusa to work - {{ if .Params.COMMITLOG_DIRECTORY }} - commitlog_directory: {{ .Params.COMMITLOG_DIRECTORY }} - {{ else }} - commitlog_directory: /var/lib/cassandra/commitlog - {{ end }} - - # Enable / disable CDC functionality on a per-node basis. This modifies the logic used - # for write path allocation rejection (standard: never reject. cdc: reject Mutation - # containing a CDC-enabled table if at space limit in cdc_raw_directory). - cdc_enabled: {{ .Params.CDC_ENABLED }} - - # CommitLogSegments are moved to this directory on flush if cdc_enabled: true and the - # segment contains mutations for a CDC-enabled table. This should be placed on a - # separate spindle than the data directories. If not set, the default directory is - # \$CASSANDRA_HOME/data/cdc_raw. - {{ if .Params.CDC_RAW_DIRECTORY }} - cdc_raw_directory: {{ .Params.CDC_RAW_DIRECTORY }} - {{ end }} - - # Policy for data disk failures: - # - # die - # shut down gossip and client transports and kill the JVM for any fs errors or - # single-sstable errors, so the node can be replaced. - # - # stop_paranoid - # shut down gossip and client transports even for single-sstable errors, - # kill the JVM for errors during startup. - # - # stop - # shut down gossip and client transports, leaving the node effectively dead, but - # can still be inspected via JMX, kill the JVM for errors during startup. - # - # best_effort - # stop using the failed disk and respond to requests based on - # remaining available sstables. This means you WILL see obsolete - # data at CL.ONE! - # - # ignore - # ignore fatal errors and let requests fail, as in pre-1.2 Cassandra - disk_failure_policy: {{ .Params.DISK_FAILURE_POLICY }} - - # Policy for commit disk failures: - # - # die - # shut down gossip and Thrift and kill the JVM, so the node can be replaced. - # - # stop - # shut down gossip and Thrift, leaving the node effectively dead, but - # can still be inspected via JMX. - # - # stop_commit - # shutdown the commit log, letting writes collect but - # continuing to service reads, as in pre-2.0.5 Cassandra - # - # ignore - # ignore fatal errors and let the batches fail - commit_failure_policy: {{ .Params.COMMIT_FAILURE_POLICY }} - - # Maximum size of the native protocol prepared statement cache - # - # Valid values are either "auto" (omitting the value) or a value greater 0. - # - # Note that specifying a too large value will result in long running GCs and possbily - # out-of-memory errors. Keep the value at a small fraction of the heap. - # - # If you constantly see "prepared statements discarded in the last minute because - # cache limit reached" messages, the first step is to investigate the root cause - # of these messages and check whether prepared statements are used correctly - - # i.e. use bind markers for variable parts. - # - # Do only change the default value, if you really have more prepared statements than - # fit in the cache. In most cases it is not neccessary to change this value. - # Constantly re-preparing statements is a performance penalty. - # - # Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater - prepared_statements_cache_size_mb: {{ .Params.PREPARED_STATEMENTS_CACHE_SIZE_MB }} - - # Maximum size of the Thrift prepared statement cache - # - # If you do not use Thrift at all, it is safe to leave this value at "auto". - # - # See description of 'prepared_statements_cache_size_mb' above for more information. - # - # Default value ("auto") is 1/256th of the heap or 10MB, whichever is greater - thrift_prepared_statements_cache_size_mb: {{ .Params.THRIFT_PREPARED_STATEMENTS_CACHE_SIZE_MB }} - - # Maximum size of the key cache in memory. - # - # Each key cache hit saves 1 seek and each row cache hit saves 2 seeks at the - # minimum, sometimes more. The key cache is fairly tiny for the amount of - # time it saves, so it's worthwhile to use it at large numbers. - # The row cache saves even more time, but must contain the entire row, - # so it is extremely space-intensive. It's best to only use the - # row cache if you have hot rows or static rows. - # - # NOTE: if you reduce the size, you may not get you hottest keys loaded on startup. - # - # Default value is empty to make it "auto" (min(5% of Heap (in MB), 100MB)). Set to 0 to disable key cache. - key_cache_size_in_mb: {{ .Params.KEY_CACHE_SIZE_IN_MB }} - - # Duration in seconds after which Cassandra should - # save the key cache. Caches are saved to saved_caches_directory as - # specified in this configuration file. - # - # Saved caches greatly improve cold-start speeds, and is relatively cheap in - # terms of I/O for the key cache. Row cache saving is much more expensive and - # has limited use. - # - # Default is 14400 or 4 hours. - key_cache_save_period: {{ .Params.KEY_CACHE_SAVE_PERIOD }} - - # Number of keys from the key cache to save - # Disabled by default, meaning all keys are going to be saved - {{ if .Params.KEY_CACHE_KEYS_TO_SAVE }} - key_cache_keys_to_save: {{ .Params.KEY_CACHE_KEYS_TO_SAVE }} - {{ end }} - - # Row cache implementation class name. Available implementations: - # - # org.apache.cassandra.cache.OHCProvider - # Fully off-heap row cache implementation (default). - # - # org.apache.cassandra.cache.SerializingCacheProvider - # This is the row cache implementation availabile - # in previous releases of Cassandra. - {{ if .Params.ROW_CACHE_CLASS_NAME }} - row_cache_class_name: {{ .Params.ROW_CACHE_CLASS_NAME }} - {{ end }} - - # Maximum size of the row cache in memory. - # Please note that OHC cache implementation requires some additional off-heap memory to manage - # the map structures and some in-flight memory during operations before/after cache entries can be - # accounted against the cache capacity. This overhead is usually small compared to the whole capacity. - # Do not specify more memory that the system can afford in the worst usual situation and leave some - # headroom for OS block level cache. Do never allow your system to swap. - # - # Default value is 0, to disable row caching. - row_cache_size_in_mb: {{ .Params.ROW_CACHE_SIZE_IN_MB }} - - # Duration in seconds after which Cassandra should save the row cache. - # Caches are saved to saved_caches_directory as specified in this configuration file. - # - # Saved caches greatly improve cold-start speeds, and is relatively cheap in - # terms of I/O for the key cache. Row cache saving is much more expensive and - # has limited use. - # - # Default is 0 to disable saving the row cache. - row_cache_save_period: {{ .Params.ROW_CACHE_SAVE_PERIOD }} - - # Number of keys from the row cache to save. - # Specify 0 (which is the default), meaning all keys are going to be saved - {{ if .Params.ROW_CACHE_KEYS_TO_SAVE }} - row_cache_keys_to_save: {{ .Params.ROW_CACHE_KEYS_TO_SAVE }} - {{ end }} - - # Maximum size of the counter cache in memory. - # - # Counter cache helps to reduce counter locks' contention for hot counter cells. - # In case of RF = 1 a counter cache hit will cause Cassandra to skip the read before - # write entirely. With RF > 1 a counter cache hit will still help to reduce the duration - # of the lock hold, helping with hot counter cell updates, but will not allow skipping - # the read entirely. Only the local (clock, count) tuple of a counter cell is kept - # in memory, not the whole counter, so it's relatively cheap. - # - # NOTE: if you reduce the size, you may not get you hottest keys loaded on startup. - # - # Default value is empty to make it "auto" (min(2.5% of Heap (in MB), 50MB)). Set to 0 to disable counter cache. - # NOTE: if you perform counter deletes and rely on low gcgs, you should disable the counter cache. - counter_cache_size_in_mb: {{ .Params.COUNTER_CACHE_SIZE_IN_MB }} - - # Duration in seconds after which Cassandra should - # save the counter cache (keys only). Caches are saved to saved_caches_directory as - # specified in this configuration file. - # - # Default is 7200 or 2 hours. - counter_cache_save_period: {{ .Params.COUNTER_CACHE_SAVE_PERIOD }} - - # Number of keys from the counter cache to save - # Disabled by default, meaning all keys are going to be saved - {{ if .Params.COUNTER_CACHE_KEYS_TO_SAVE }} - counter_cache_keys_to_save: {{ .Params.COUNTER_CACHE_KEYS_TO_SAVE }} - {{ end }} - - # saved caches - # If not set, the default directory is \$CASSANDRA_HOME/data/saved_caches. - # saved_caches_directory: /var/lib/cassandra/saved_caches - # - # This needs to be set to a valid value for medusa to work - {{ if .Params.SAVED_CACHES_DIRECTORY }} - saved_caches_directory: {{ .Params.SAVED_CACHES_DIRECTORY }} - {{ else }} - saved_caches_directory: /var/lib/cassandra/saved_caches - {{ end }} - - # commitlog_sync may be either "periodic" or "batch." - # - # When in batch mode, Cassandra won't ack writes until the commit log has - # been fsynced to disk. It will wait commitlog_sync_batch_window_in_ms - # milliseconds between fsyncs. This window should be kept short because the - # writer threads will be unable to do extra work while waiting. (You may - # need to increase concurrent_writes for the same reason.) - # - # the other option is "periodic" where writes may be acked immediately and - # the CommitLog is simply synced every commitlog_sync_period_in_ms - # milliseconds. - commitlog_sync: {{ .Params.COMMITLOG_SYNC }} - commitlog_sync_period_in_ms: {{ .Params.COMMITLOG_SYNC_PERIOD_IN_MS }} - {{ if .Params.COMMITLOG_SYNC_BATCH_WINDOW_IN_MS }} - commitlog_sync_batch_window_in_ms: {{ .Params.COMMITLOG_SYNC_BATCH_WINDOW_IN_MS }} - {{ end }} - - # The size of the individual commitlog file segments. A commitlog - # segment may be archived, deleted, or recycled once all the data - # in it (potentially from each columnfamily in the system) has been - # flushed to sstables. - # - # The default size is 32, which is almost always fine, but if you are - # archiving commitlog segments (see commitlog_archiving.properties), - # then you probably want a finer granularity of archiving; 8 or 16 MB - # is reasonable. - # Max mutation size is also configurable via max_mutation_size_in_kb setting in - # cassandra.yaml. The default is half the size commitlog_segment_size_in_mb * 1024. - # This should be positive and less than 2048. - # - # NOTE: If max_mutation_size_in_kb is set explicitly then commitlog_segment_size_in_mb must - # be set to at least twice the size of max_mutation_size_in_kb / 1024 - # - commitlog_segment_size_in_mb: {{ .Params.COMMITLOG_SEGMENT_SIZE_IN_MB }} - - # Compression to apply to the commit log. If omitted, the commit log - # will be written uncompressed. LZ4, Snappy, and Deflate compressors - # are supported. - # commitlog_compression: - # - class_name: LZ4Compressor - # parameters: - # - - - # any class that implements the SeedProvider interface and has a - # constructor that takes a Map of parameters will do. - seed_provider: - # Addresses of hosts that are deemed contact points. - # Cassandra nodes use this list of hosts to find each other and learn - # the topology of the ring. You must change this if you are running - # multiple nodes! - - class_name: {{ .Params.SEED_PROVIDER_CLASS }} - parameters: - # Here we follow the advice from DataStax and make the first 3 - # nodes in a DC the seed nodes. - # https://docs.datastax.com/en/dse/6.0/dse-admin/datastax_enterprise/production/seedNodesForSingleDC.html - - seeds: ${SEEDS} - - # For workloads with more data than can fit in memory, Cassandra's - # bottleneck will be reads that need to fetch data from - # disk. "concurrent_reads" should be set to (16 * number_of_drives) in - # order to allow the operations to enqueue low enough in the stack - # that the OS and drives can reorder them. Same applies to - # "concurrent_counter_writes", since counter writes read the current - # values before incrementing and writing them back. - # - # On the other hand, since writes are almost never IO bound, the ideal - # number of "concurrent_writes" is dependent on the number of cores in - # your system; (8 * number_of_cores) is a good rule of thumb. - concurrent_reads: {{ .Params.CONCURRENT_READS }} - concurrent_writes: {{ .Params.CONCURRENT_WRITES }} - concurrent_counter_writes: {{ .Params.CONCURRENT_COUNTER_WRITES }} - - # For materialized view writes, as there is a read involved, so this should - # be limited by the less of concurrent reads or concurrent writes. - concurrent_materialized_view_writes: {{ .Params.CONCURRENT_MATERIALIZED_VIEW_WRITES }} - - # Maximum memory to use for sstable chunk cache and buffer pooling. - # 32MB of this are reserved for pooling buffers, the rest is used as an - # cache that holds uncompressed sstable chunks. - # Defaults to the smaller of 1/4 of heap or 512MB. This pool is allocated off-heap, - # so is in addition to the memory allocated for heap. The cache also has on-heap - # overhead which is roughly 128 bytes per chunk (i.e. 0.2% of the reserved size - # if the default 64k chunk size is used). - # Memory is only allocated when needed. - {{ if .Params.FILE_CACHE_SIZE_IN_MB }} - file_cache_size_in_mb: {{ .Params.FILE_CACHE_SIZE_IN_MB }} - {{ end }} - - # Flag indicating whether to allocate on or off heap when the sstable buffer - # pool is exhausted, that is when it has exceeded the maximum memory - # file_cache_size_in_mb, beyond which it will not cache buffers but allocate on request. - - {{ if .Params.BUFFER_POOL_USE_HEAP_IF_EXHAUSTED }} - buffer_pool_use_heap_if_exhausted: {{ .Params.BUFFER_POOL_USE_HEAP_IF_EXHAUSTED }} - {{ end }} - - # The strategy for optimizing disk read - # Possible values are: - # ssd (for solid state disks, the default) - # spinning (for spinning disks) - {{ if .Params.DISK_OPTIMIZATION_STRATEGY }} - disk_optimization_strategy: {{ .Params.DISK_OPTIMIZATION_STRATEGY }} - {{ end }} - - # Total permitted memory to use for memtables. Cassandra will stop - # accepting writes when the limit is exceeded until a flush completes, - # and will trigger a flush based on memtable_cleanup_threshold - # If omitted, Cassandra will set both to 1/4 the size of the heap. - {{ if .Params.MEMTABLE_HEAP_SPACE_IN_MB }} - memtable_heap_space_in_mb: {{ .Params.MEMTABLE_HEAP_SPACE_IN_MB }} - {{ end }} - {{ if .Params.MEMTABLE_OFFHEAP_SPACE_IN_MB }} - memtable_offheap_space_in_mb: {{ .Params.MEMTABLE_OFFHEAP_SPACE_IN_MB }} - {{ end }} - - # memtable_cleanup_threshold is deprecated. The default calculation - # is the only reasonable choice. See the comments on memtable_flush_writers - # for more information. - # - # Ratio of occupied non-flushing memtable size to total permitted size - # that will trigger a flush of the largest memtable. Larger mct will - # mean larger flushes and hence less compaction, but also less concurrent - # flush activity which can make it difficult to keep your disks fed - # under heavy write load. - # - # memtable_cleanup_threshold defaults to 1 / (memtable_flush_writers + 1) - {{ if .Params.MEMTABLE_CLEANUP_THRESHOLD }} - memtable_cleanup_threshold: {{ .Params.MEMTABLE_CLEANUP_THRESHOLD }} - {{ end }} - - # Specify the way Cassandra allocates and manages memtable memory. - # Options are: - # - # heap_buffers - # on heap nio buffers - # - # offheap_buffers - # off heap (direct) nio buffers - # - # offheap_objects - # off heap objects - memtable_allocation_type: {{ .Params.MEMTABLE_ALLOCATION_TYPE }} - - # Limits the maximum Merkle tree depth to avoid consuming too much - # memory during repairs. - # - # The default setting of 18 generates trees of maximum size around - # 50 MiB / tree. If you are running out of memory during repairs consider - # lowering this to 15 (~6 MiB / tree) or lower, but try not to lower it - # too much past that or you will lose too much resolution and stream - # too much redundant data during repair. Cannot be set lower than 10. - # - # For more details see https://issues.apache.org/jira/browse/CASSANDRA-14096. - # - {{ if .Params.REPAIR_SESSION_MAX_TREE_DEPTH }} - repair_session_max_tree_depth: {{ .Params.REPAIR_SESSION_MAX_TREE_DEPTH }} - {{ end }} - - # Total space to use for commit logs on disk. - # - # If space gets above this value, Cassandra will flush every dirty CF - # in the oldest segment and remove it. So a small total commitlog space - # will tend to cause more flush activity on less-active columnfamilies. - # - # The default value is the smaller of 8192, and 1/4 of the total space - # of the commitlog volume. - # - {{ if .Params.COMMITLOG_TOTAL_SPACE_IN_MB }} - commitlog_total_space_in_mb: {{ .Params.COMMITLOG_TOTAL_SPACE_IN_MB }} - {{ end }} - - # This sets the number of memtable flush writer threads per disk - # as well as the total number of memtables that can be flushed concurrently. - # These are generally a combination of compute and IO bound. - # - # Memtable flushing is more CPU efficient than memtable ingest and a single thread - # can keep up with the ingest rate of a whole server on a single fast disk - # until it temporarily becomes IO bound under contention typically with compaction. - # At that point you need multiple flush threads. At some point in the future - # it may become CPU bound all the time. - # - # You can tell if flushing is falling behind using the MemtablePool.BlockedOnAllocation - # metric which should be 0, but will be non-zero if threads are blocked waiting on flushing - # to free memory. - # - # memtable_flush_writers defaults to two for a single data directory. - # This means that two memtables can be flushed concurrently to the single data directory. - # If you have multiple data directories the default is one memtable flushing at a time - # but the flush will use a thread per data directory so you will get two or more writers. - # - # Two is generally enough to flush on a fast disk [array] mounted as a single data directory. - # Adding more flush writers will result in smaller more frequent flushes that introduce more - # compaction overhead. - # - # There is a direct tradeoff between number of memtables that can be flushed concurrently - # and flush size and frequency. More is not better you just need enough flush writers - # to never stall waiting for flushing to free memory. - # - {{ if .Params.MEMTABLE_FLUSH_WRITERS }} - memtable_flush_writers: {{ .Params.MEMTABLE_FLUSH_WRITERS }} - {{ end }} - - # Total space to use for change-data-capture logs on disk. - # - # If space gets above this value, Cassandra will throw WriteTimeoutException - # on Mutations including tables with CDC enabled. A CDCCompactor is responsible - # for parsing the raw CDC logs and deleting them when parsing is completed. - # - # The default value is the min of 4096 mb and 1/8th of the total space - # of the drive where cdc_raw_directory resides. - {{ if .Params.CDC_TOTAL_SPACE_IN_MB }} - cdc_total_space_in_mb: {{ .Params.CDC_TOTAL_SPACE_IN_MB }} - {{ end }} - - # When we hit our cdc_raw limit and the CDCCompactor is either running behind - # or experiencing backpressure, we check at the following interval to see if any - # new space for cdc-tracked tables has been made available. Default to 250ms - {{ if .Params.CDC_FREE_SPACE_CHECK_INTERVAL_MS }} - cdc_free_space_check_interval_ms: {{ .Params.CDC_FREE_SPACE_CHECK_INTERVAL_MS }} - {{ end }} - - # A fixed memory pool size in MB for for SSTable index summaries. If left - # empty, this will default to 5% of the heap size. If the memory usage of - # all index summaries exceeds this limit, SSTables with low read rates will - # shrink their index summaries in order to meet this limit. However, this - # is a best-effort process. In extreme conditions Cassandra may need to use - # more than this amount of memory. - index_summary_capacity_in_mb: {{ .Params.INDEX_SUMMARY_CAPACITY_IN_MB }} - - # How frequently index summaries should be resampled. This is done - # periodically to redistribute memory from the fixed-size pool to sstables - # proportional their recent read rates. Setting to -1 will disable this - # process, leaving existing index summaries at their current sampling level. - index_summary_resize_interval_in_minutes: {{ .Params.INDEX_SUMMARY_RESIZE_INTERVAL_IN_MINUTES }} - - # Whether to, when doing sequential writing, fsync() at intervals in - # order to force the operating system to flush the dirty - # buffers. Enable this to avoid sudden dirty buffer flushing from - # impacting read latencies. Almost always a good idea on SSDs; not - # necessarily on platters. - trickle_fsync: {{ .Params.TRICKLE_FSYNC }} - trickle_fsync_interval_in_kb: {{ .Params.TRICKLE_FSYNC_INTERVAL_IN_KB }} - - # TCP port, for commands and data - # For security reasons, you should not expose this port to the internet. Firewall it if needed. - storage_port: {{ .Params.STORAGE_PORT }} - - # SSL port, for encrypted communication. Unused unless enabled in - # encryption_options - # For security reasons, you should not expose this port to the internet. Firewall it if needed. - ssl_storage_port: {{ .Params.SSL_STORAGE_PORT }} - - # Address or interface to bind to and tell other Cassandra nodes to connect to. - # You _must_ change this if you want multiple nodes to be able to communicate! - # - # Set listen_address OR listen_interface, not both. - # - # Leaving it blank leaves it up to InetAddress.getLocalHost(). This - # will always do the Right Thing _if_ the node is properly configured - # (hostname, name resolution, etc), and the Right Thing is to use the - # address associated with the hostname (it might not be). - # - # Setting listen_address to 0.0.0.0 is always wrong. - # - # TODO(mpereira): should we explicitly set this to the pod IP address? - # listen_address: localhost - - # Set listen_address OR listen_interface, not both. Interfaces must correspond - # to a single address, IP aliasing is not supported. - # listen_interface: eth0 - - # If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address - # you can specify which should be chosen using listen_interface_prefer_ipv6. If false the first ipv4 - # address will be used. If true the first ipv6 address will be used. Defaults to false preferring - # ipv4. If there is only one address it will be selected regardless of ipv4/ipv6. - # listen_interface_prefer_ipv6: false - - # Address to broadcast to other Cassandra nodes - # Leaving this blank will set it to the same value as listen_address - # broadcast_address: 1.2.3.4 - - # When using multiple physical network interfaces, set this - # to true to listen on broadcast_address in addition to - # the listen_address, allowing nodes to communicate in both - # interfaces. - # Ignore this property if the network configuration automatically - # routes between the public and private networks such as EC2. - {{ if .Params.LISTEN_ON_BROADCAST_ADDRESS }} - listen_on_broadcast_address: {{ .Params.LISTEN_ON_BROADCAST_ADDRESS }} - {{ end }} - - # Internode authentication backend, implementing IInternodeAuthenticator; - # used to allow/disallow connections from peer nodes. - {{ if .Params.INTERNODE_AUTHENTICATOR }} - internode_authenticator: {{ .Params.INTERNODE_AUTHENTICATOR }} - {{ end }} - - # Whether to start the native transport server. - # Please note that the address on which the native transport is bound is the - # same as the rpc_address. The port however is different and specified below. - start_native_transport: {{ .Params.START_NATIVE_TRANSPORT }} - # port for the CQL native transport to listen for clients on - # For security reasons, you should not expose this port to the internet. Firewall it if needed. - native_transport_port: {{ .Params.NATIVE_TRANSPORT_PORT }} - # Enabling native transport encryption in client_encryption_options allows you to either use - # encryption for the standard port or to use a dedicated, additional port along with the unencrypted - # standard native_transport_port. - # Enabling client encryption and keeping native_transport_port_ssl disabled will use encryption - # for native_transport_port. Setting native_transport_port_ssl to a different value - # from native_transport_port will use encryption for native_transport_port_ssl while - # keeping native_transport_port unencrypted. - # native_transport_port_ssl: 9142 - # The maximum threads for handling requests when the native transport is used. - # This is similar to rpc_max_threads though the default differs slightly (and - # there is no native_transport_min_threads, idle threads will always be stopped - # after 30 seconds). - {{ if .Params.NATIVE_TRANSPORT_MAX_THREADS }} - native_transport_max_threads: {{ .Params.NATIVE_TRANSPORT_MAX_THREADS }} - {{ end }} - # - # The maximum size of allowed frame. Frame (requests) larger than this will - # be rejected as invalid. The default is 256MB. If you're changing this parameter, - # you may want to adjust max_value_size_in_mb accordingly. This should be positive and less than 2048. - {{ if .Params.NATIVE_TRANSPORT_MAX_FRAME_SIZE_IN_MB }} - native_transport_max_frame_size_in_mb: {{ .Params.NATIVE_TRANSPORT_MAX_FRAME_SIZE_IN_MB }} - {{ end }} - - # The maximum number of concurrent client connections. - # The default is -1, which means unlimited. - {{ if .Params.NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS }} - native_transport_max_concurrent_connections: {{ .Params.NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS }} - {{ end }} - - # The maximum number of concurrent client connections per source ip. - # The default is -1, which means unlimited. - {{ if .Params.NATIVE_TRANSPORT_MAX_FRAME_SIZE_IN_MB }} - native_transport_max_concurrent_connections_per_ip: {{ .Params.NATIVE_TRANSPORT_MAX_CONCURRENT_CONNECTIONS_PER_IP }} - {{ end }} - - # Whether to start the thrift rpc server. - start_rpc: {{ .Params.START_RPC }} - - # The address or interface to bind the Thrift RPC service and native transport - # server to. - # - # Set rpc_address OR rpc_interface, not both. - # - # Leaving rpc_address blank has the same effect as on listen_address - # (i.e. it will be based on the configured hostname of the node). - # - # Note that unlike listen_address, you can specify 0.0.0.0, but you must also - # set broadcast_rpc_address to a value other than 0.0.0.0. - # - # For security reasons, you should not expose this port to the internet. Firewall it if needed. - # TODO(mpereira): should we explicitly set this to the pod IP address? - # rpc_address: localhost - - # Set rpc_address OR rpc_interface, not both. Interfaces must correspond - # to a single address, IP aliasing is not supported. - # rpc_interface: eth1 - - # If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address - # you can specify which should be chosen using rpc_interface_prefer_ipv6. If false the first ipv4 - # address will be used. If true the first ipv6 address will be used. Defaults to false preferring - # ipv4. If there is only one address it will be selected regardless of ipv4/ipv6. - # rpc_interface_prefer_ipv6: false - - # port for Thrift to listen for clients on - rpc_port: {{ .Params.RPC_PORT }} - - # RPC address to broadcast to drivers and other Cassandra nodes. This cannot - # be set to 0.0.0.0. If left blank, this will be set to the value of - # rpc_address. If rpc_address is set to 0.0.0.0, broadcast_rpc_address must - # be set. - # broadcast_rpc_address: 1.2.3.4 - - # enable or disable keepalive on rpc/native connections - rpc_keepalive: {{ .Params.RPC_KEEPALIVE }} - - # Cassandra provides two out-of-the-box options for the RPC Server: - # - # sync - # One thread per thrift connection. For a very large number of clients, memory - # will be your limiting factor. On a 64 bit JVM, 180KB is the minimum stack size - # per thread, and that will correspond to your use of virtual memory (but physical memory - # may be limited depending on use of stack space). - # - # hsha - # Stands for "half synchronous, half asynchronous." All thrift clients are handled - # asynchronously using a small number of threads that does not vary with the amount - # of thrift clients (and thus scales well to many clients). The rpc requests are still - # synchronous (one thread per active request). If hsha is selected then it is essential - # that rpc_max_threads is changed from the default value of unlimited. - # - # The default is sync because on Windows hsha is about 30% slower. On Linux, - # sync/hsha performance is about the same, with hsha of course using less memory. - # - # Alternatively, can provide your own RPC server by providing the fully-qualified class name - # of an o.a.c.t.TServerFactory that can create an instance of it. - rpc_server_type: {{ .Params.RPC_SERVER_TYPE }} - - # Set request pool size limits. - # - # Regardless of your choice of RPC server (see above), the number of maximum requests in the - # RPC thread pool dictates how many concurrent requests are possible (but if you are using the sync - # RPC server, it also dictates the number of clients that can be connected at all). - # - # The default is unlimited and thus provides no protection against clients overwhelming the server. You are - # encouraged to set a maximum that makes sense for you in production, but do keep in mind that - # rpc_max_threads represents the maximum number of client requests this server may execute concurrently. - # - {{ if .Params.RPC_MIN_THREADS }} - rpc_min_threads: {{ .Params.RPC_MIN_THREADS }} - {{ end }} - - {{ if .Params.RPC_MAX_THREADS }} - rpc_max_threads: {{ .Params.RPC_MAX_THREADS }} - {{ end }} - - {{ if .Params.RPC_SEND_BUFF_SIZE_IN_BYTES }} - rpc_send_buff_size_in_bytes: {{ .Params.RPC_SEND_BUFF_SIZE_IN_BYTES }} - {{ end }} - - {{ if .Params.RPC_RECV_BUFF_SIZE_IN_BYTES }} - rpc_recv_buff_size_in_bytes: {{ .Params.RPC_RECV_BUFF_SIZE_IN_BYTES }} - {{ end }} - - # Set socket buffer size for internode communication - # Note that when setting this, the buffer size is limited by net.core.wmem_max - # and when not setting it it is defined by net.ipv4.tcp_wmem - # See also: - # /proc/sys/net/core/wmem_max - # /proc/sys/net/core/rmem_max - # /proc/sys/net/ipv4/tcp_wmem - # /proc/sys/net/ipv4/tcp_wmem - # and 'man tcp' - {{ if .Params.INTERNODE_SEND_BUFF_SIZE_IN_BYTES }} - internode_send_buff_size_in_bytes: {{ .Params.INTERNODE_SEND_BUFF_SIZE_IN_BYTES }} - {{ end }} - - # Set socket buffer size for internode communication - # Note that when setting this, the buffer size is limited by net.core.wmem_max - # and when not setting it it is defined by net.ipv4.tcp_wmem - {{ if .Params.INTERNODE_RECV_BUFF_SIZE_IN_BYTES }} - internode_recv_buff_size_in_bytes: {{ .Params.INTERNODE_RECV_BUFF_SIZE_IN_BYTES }} - {{ end }} - - # Frame size for thrift (maximum message length). - thrift_framed_transport_size_in_mb: {{ .Params.THRIFT_FRAMED_TRANSPORT_SIZE_IN_MB }} - - # Set to true to have Cassandra create a hard link to each sstable - # flushed or streamed locally in a backups/ subdirectory of the - # keyspace data. Removing these links is the operator's - # responsibility. - incremental_backups: {{ .Params.INCREMENTAL_BACKUPS }} - - # Whether or not to take a snapshot before each compaction. Be - # careful using this option, since Cassandra won't clean up the - # snapshots for you. Mostly useful if you're paranoid when there - # is a data format change. - snapshot_before_compaction: {{ .Params.SNAPSHOT_BEFORE_COMPACTION }} - - # Whether or not a snapshot is taken of the data before keyspace truncation - # or dropping of column families. The STRONGLY advised default of true - # should be used to provide data safety. If you set this flag to false, you will - # lose data on truncation or drop. - auto_snapshot: {{ .Params.AUTO_SNAPSHOT }} - - # Granularity of the collation index of rows within a partition. - # Increase if your rows are large, or if you have a very large - # number of rows per partition. The competing goals are these: - # - # - a smaller granularity means more index entries are generated - # and looking up rows withing the partition by collation column - # is faster - # - but, Cassandra will keep the collation index in memory for hot - # rows (as part of the key cache), so a larger granularity means - # you can cache more hot rows - column_index_size_in_kb: {{ .Params.COLUMN_INDEX_SIZE_IN_KB }} - - # Per sstable indexed key cache entries (the collation index in memory - # mentioned above) exceeding this size will not be held on heap. - # This means that only partition information is held on heap and the - # index entries are read from disk. - # - # Note that this size refers to the size of the - # serialized index information and not the size of the partition. - column_index_cache_size_in_kb: {{ .Params.COLUMN_INDEX_CACHE_SIZE_IN_KB }} - - # Number of simultaneous compactions to allow, NOT including - # validation "compactions" for anti-entropy repair. Simultaneous - # compactions can help preserve read performance in a mixed read/write - # workload, by mitigating the tendency of small sstables to accumulate - # during a single long running compactions. The default is usually - # fine and if you experience problems with compaction running too - # slowly or too fast, you should look at - # compaction_throughput_mb_per_sec first. - # - # concurrent_compactors defaults to the smaller of (number of disks, - # number of cores), with a minimum of 2 and a maximum of 8. - # - # If your data directories are backed by SSD, you should increase this - # to the number of cores. - {{ if .Params.CONCURRENT_COMPACTORS }} - concurrent_compactors: {{ .Params.CONCURRENT_COMPACTORS }} - {{ end }} - - # Throttles compaction to the given total throughput across the entire - # system. The faster you insert data, the faster you need to compact in - # order to keep the sstable count down, but in general, setting this to - # 16 to 32 times the rate you are inserting data is more than sufficient. - # Setting this to 0 disables throttling. Note that this account for all types - # of compaction, including validation compaction. - compaction_throughput_mb_per_sec: {{ .Params.COMPACTION_THROUGHPUT_MB_PER_SEC }} - - # When compacting, the replacement sstable(s) can be opened before they - # are completely written, and used in place of the prior sstables for - # any range that has been written. This helps to smoothly transfer reads - # between the sstables, reducing page cache churn and keeping hot rows hot - sstable_preemptive_open_interval_in_mb: {{ .Params.SSTABLE_PREEMPTIVE_OPEN_INTERVAL_IN_MB }} - - # Throttles all outbound streaming file transfers on this node to the - # given total throughput in Mbps. This is necessary because Cassandra does - # mostly sequential IO when streaming data during bootstrap or repair, which - # can lead to saturating the network connection and degrading rpc performance. - # When unset, the default is 200 Mbps or 25 MB/s. - {{ if .Params.STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC }} - stream_throughput_outbound_megabits_per_sec: {{ .Params.STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC }} - {{ end }} - - # Throttles all streaming file transfer between the datacenters, - # this setting allows users to throttle inter dc stream throughput in addition - # to throttling all network stream traffic as configured with - # stream_throughput_outbound_megabits_per_sec - # When unset, the default is 200 Mbps or 25 MB/s - {{ if .Params.INTER_DC_STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC }} - inter_dc_stream_throughput_outbound_megabits_per_sec: {{ .Params.INTER_DC_STREAM_THROUGHPUT_OUTBOUND_MEGABITS_PER_SEC }} - {{ end }} - - # How long the coordinator should wait for read operations to complete - read_request_timeout_in_ms: {{ .Params.READ_REQUEST_TIMEOUT_IN_MS }} - # How long the coordinator should wait for seq or index scans to complete - range_request_timeout_in_ms: {{ .Params.RANGE_REQUEST_TIMEOUT_IN_MS }} - # How long the coordinator should wait for writes to complete - write_request_timeout_in_ms: {{ .Params.WRITE_REQUEST_TIMEOUT_IN_MS }} - # How long the coordinator should wait for counter writes to complete - counter_write_request_timeout_in_ms: {{ .Params.COUNTER_WRITE_REQUEST_TIMEOUT_IN_MS }} - # How long a coordinator should continue to retry a CAS operation - # that contends with other proposals for the same row - cas_contention_timeout_in_ms: {{ .Params.CAS_CONTENTION_TIMEOUT_IN_MS }} - # How long the coordinator should wait for truncates to complete - # (This can be much longer, because unless auto_snapshot is disabled - # we need to flush first so we can snapshot before removing the data.) - truncate_request_timeout_in_ms: {{ .Params.TRUNCATE_REQUEST_TIMEOUT_IN_MS }} - # The default timeout for other, miscellaneous operations - request_timeout_in_ms: {{ .Params.REQUEST_TIMEOUT_IN_MS }} - - # How long before a node logs slow queries. Select queries that take longer than - # this timeout to execute, will generate an aggregated log message, so that slow queries - # can be identified. Set this value to zero to disable slow query logging. - slow_query_log_timeout_in_ms: {{ .Params.SLOW_QUERY_LOG_TIMEOUT_IN_MS }} - - # Enable operation timeout information exchange between nodes to accurately - # measure request timeouts. If disabled, replicas will assume that requests - # were forwarded to them instantly by the coordinator, which means that - # under overload conditions we will waste that much extra time processing - # already-timed-out requests. - # - # Warning: before enabling this property make sure to ntp is installed - # and the times are synchronized between the nodes. - cross_node_timeout: {{ .Params.CROSS_NODE_TIMEOUT }} - - # Set keep-alive period for streaming - # This node will send a keep-alive message periodically with this period. - # If the node does not receive a keep-alive message from the peer for - # 2 keep-alive cycles the stream session times out and fail - # Default value is 300s (5 minutes), which means stalled stream - # times out in 10 minutes by default - {{ if .Params.STREAMING_KEEP_ALIVE_PERIOD_IN_SECS }} - streaming_keep_alive_period_in_secs: {{ .Params.STREAMING_KEEP_ALIVE_PERIOD_IN_SECS }} - {{ end }} - - # phi value that must be reached for a host to be marked down. - # most users should never need to adjust this. - {{ if .Params.PHI_CONVICT_THRESHOLD }} - phi_convict_threshold: {{ .Params.PHI_CONVICT_THRESHOLD }} - {{ end }} - - # endpoint_snitch -- Set this to a class that implements - # IEndpointSnitch. The snitch has two functions: - # - # - it teaches Cassandra enough about your network topology to route - # requests efficiently - # - it allows Cassandra to spread replicas around your cluster to avoid - # correlated failures. It does this by grouping machines into - # "datacenters" and "racks." Cassandra will do its best not to have - # more than one replica on the same "rack" (which may not actually - # be a physical location) - # - # CASSANDRA WILL NOT ALLOW YOU TO SWITCH TO AN INCOMPATIBLE SNITCH - # ONCE DATA IS INSERTED INTO THE CLUSTER. This would cause data loss. - # This means that if you start with the default SimpleSnitch, which - # locates every node on "rack1" in "datacenter1", your only options - # if you need to add another datacenter are GossipingPropertyFileSnitch - # (and the older PFS). From there, if you want to migrate to an - # incompatible snitch like Ec2Snitch you can do it by adding new nodes - # under Ec2Snitch (which will locate them in a new "datacenter") and - # decommissioning the old ones. - # - # Out of the box, Cassandra provides: - # - # SimpleSnitch: - # Treats Strategy order as proximity. This can improve cache - # locality when disabling read repair. Only appropriate for - # single-datacenter deployments. - # - # GossipingPropertyFileSnitch - # This should be your go-to snitch for production use. The rack - # and datacenter for the local node are defined in - # cassandra-rackdc.properties and propagated to other nodes via - # gossip. If cassandra-topology.properties exists, it is used as a - # fallback, allowing migration from the PropertyFileSnitch. - # - # PropertyFileSnitch: - # Proximity is determined by rack and data center, which are - # explicitly configured in cassandra-topology.properties. - # - # Ec2Snitch: - # Appropriate for EC2 deployments in a single Region. Loads Region - # and Availability Zone information from the EC2 API. The Region is - # treated as the datacenter, and the Availability Zone as the rack. - # Only private IPs are used, so this will not work across multiple - # Regions. - # - # Ec2MultiRegionSnitch: - # Uses public IPs as broadcast_address to allow cross-region - # connectivity. (Thus, you should set seed addresses to the public - # IP as well.) You will need to open the storage_port or - # ssl_storage_port on the public IP firewall. (For intra-Region - # traffic, Cassandra will switch to the private IP after - # establishing a connection.) - # - # RackInferringSnitch: - # Proximity is determined by rack and data center, which are - # assumed to correspond to the 3rd and 2nd octet of each node's IP - # address, respectively. Unless this happens to match your - # deployment conventions, this is best used as an example of - # writing a custom Snitch class and is provided in that spirit. - # - # You can use a custom Snitch by setting this to the full class name - # of the snitch, which will be assumed to be on your classpath. - endpoint_snitch: {{ .Params.ENDPOINT_SNITCH }} - - # controls how often to perform the more expensive part of host score - # calculation - dynamic_snitch_update_interval_in_ms: {{ .Params.DYNAMIC_SNITCH_UPDATE_INTERVAL_IN_MS }} - # controls how often to reset all host scores, allowing a bad host to - # possibly recover - dynamic_snitch_reset_interval_in_ms: {{ .Params.DYNAMIC_SNITCH_RESET_INTERVAL_IN_MS }} - # if set greater than zero and read_repair_chance is < 1.0, this will allow - # 'pinning' of replicas to hosts in order to increase cache capacity. - # The badness threshold will control how much worse the pinned host has to be - # before the dynamic snitch will prefer other replicas over it. This is - # expressed as a double which represents a percentage. Thus, a value of - # 0.2 means Cassandra would continue to prefer the static snitch values - # until the pinned host was 20% worse than the fastest. - dynamic_snitch_badness_threshold: {{ .Params.DYNAMIC_SNITCH_BADNESS_THRESHOLD }} - - # request_scheduler -- Set this to a class that implements - # RequestScheduler, which will schedule incoming client requests - # according to the specific policy. This is useful for multi-tenancy - # with a single Cassandra cluster. - # NOTE: This is specifically for requests from the client and does - # not affect inter node communication. - # org.apache.cassandra.scheduler.NoScheduler - No scheduling takes place - # org.apache.cassandra.scheduler.RoundRobinScheduler - Round robin of - # client requests to a node with a separate queue for each - # request_scheduler_id. The scheduler is further customized by - # request_scheduler_options as described below. - request_scheduler: {{ .Params.REQUEST_SCHEDULER }} - - # Scheduler Options vary based on the type of scheduler - # - # NoScheduler - # Has no options - # - # RoundRobin - # throttle_limit - # The throttle_limit is the number of in-flight - # requests per client. Requests beyond - # that limit are queued up until - # running requests can complete. - # The value of 80 here is twice the number of - # concurrent_reads + concurrent_writes. - # default_weight - # default_weight is optional and allows for - # overriding the default which is 1. - # weights - # Weights are optional and will default to 1 or the - # overridden default_weight. The weight translates into how - # many requests are handled during each turn of the - # RoundRobin, based on the scheduler id. - # - # request_scheduler_options: - # throttle_limit: 80 - # default_weight: 5 - # weights: - # Keyspace1: 1 - # Keyspace2: 5 - - # request_scheduler_id -- An identifier based on which to perform - # the request scheduling. Currently the only valid option is keyspace. - # request_scheduler_id: keyspace - - # Enable or disable inter-node encryption - # JVM defaults for supported SSL socket protocols and cipher suites can - # be replaced using custom encryption options. This is not recommended - # unless you have policies in place that dictate certain settings, or - # need to disable vulnerable ciphers or protocols in case the JVM cannot - # be updated. - # FIPS compliant settings can be configured at JVM level and should not - # involve changing encryption settings here: - # https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html - # *NOTE* No custom encryption options are enabled at the moment - # The available internode options are : all, none, dc, rack - # - # If set to dc cassandra will encrypt the traffic between the DCs - # If set to rack cassandra will encrypt the traffic between the racks - # - # The passwords used in these options must match the passwords used when generating - # the keystore and truststore. For instructions on generating these files, see: - # http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore - - {{ if eq .Params.TRANSPORT_ENCRYPTION_ENABLED "true" }} - server_encryption_options: - internode_encryption: all - keystore: /etc/cassandra/tls/cassandra.server.keystore.jks - keystore_password: ${keystore_password} - truststore: /etc/cassandra/tls/cassandra.server.truststore.jks - truststore_password: ${truststore_password} - protocol: TLSv1.2 - cipher_suites: [{{ .Params.TRANSPORT_ENCRYPTION_CIPHERS }}] - algorithm: SunX509 - store_type: JKS - require_client_auth: {{ .Params.TRANSPORT_ENCRYPTION_REQUIRE_CLIENT_AUTH }} - # require_endpoint_verification: false - {{ end }} - - {{ if eq .Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true" }} - client_encryption_options: - # If both 'enabled' and 'optional' are set to 'true', both encrypted and - # unencrypted connections are allowed. - enabled: true - {{ if eq .Params.TRANSPORT_ENCRYPTION_CLIENT_ALLOW_PLAINTEXT "true" }} - optional: true - {{ else }} - optional: false - {{ end }} - keystore: /etc/cassandra/tls/cassandra.server.keystore.jks - keystore_password: ${keystore_password} - truststore: /etc/cassandra/tls/cassandra.server.truststore.jks - truststore_password: ${truststore_password} - protocol: TLSv1.2 - require_client_auth: {{ .Params.TRANSPORT_ENCRYPTION_CLIENT_REQUIRE_CLIENT_AUTH }} - algorithm: SunX509 - store_type: JKS - cipher_suites: [{{ .Params.TRANSPORT_ENCRYPTION_CIPHERS }}] - {{ end }} - - # internode_compression controls whether traffic between nodes is - # compressed. - # Can be: - # - # all - # all traffic is compressed - # - # dc - # traffic between different datacenters is compressed - # - # none - # nothing is compressed. - internode_compression: {{ .Params.INTERNODE_COMPRESSION }} - - # Enable or disable tcp_nodelay for inter-dc communication. - # Disabling it will result in larger (but fewer) network packets being sent, - # reducing overhead from the TCP protocol itself, at the cost of increasing - # latency if you block for cross-datacenter responses. - inter_dc_tcp_nodelay: {{ .Params.INTER_DC_TCP_NODELAY }} - - # TTL for different trace types used during logging of the repair process. - tracetype_query_ttl: {{ .Params.TRACETYPE_QUERY_TTL }} - tracetype_repair_ttl: {{ .Params.TRACETYPE_REPAIR_TTL }} - - # By default, Cassandra logs GC Pauses greater than 200 ms at INFO level - # This threshold can be adjusted to minimize logging if necessary - {{ if .Params.GC_LOG_THRESHOLD_IN_MS }} - gc_log_threshold_in_ms: {{ .Params.GC_LOG_THRESHOLD_IN_MS }} - {{ end }} - - # If unset, all GC Pauses greater than gc_log_threshold_in_ms will log at - # INFO level - # UDFs (user defined functions) are disabled by default. - # As of Cassandra 3.0 there is a sandbox in place that should prevent execution of evil code. - enable_user_defined_functions: {{ .Params.ENABLE_USER_DEFINED_FUNCTIONS }} - - # Enables scripted UDFs (JavaScript UDFs). - # Java UDFs are always enabled, if enable_user_defined_functions is true. - # Enable this option to be able to use UDFs with "language javascript" or any custom JSR-223 provider. - # This option has no effect, if enable_user_defined_functions is false. - enable_scripted_user_defined_functions: {{ .Params.ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS }} - - # Enables materialized view creation on this node. - # Materialized views are considered experimental and are not recommended for production use. - enable_materialized_views: {{ .Params.ENABLE_MATERIALIZED_VIEWS }} - - # The default Windows kernel timer and scheduling resolution is 15.6ms for power conservation. - # Lowering this value on Windows can provide much tighter latency and better throughput, however - # some virtualized environments may see a negative performance impact from changing this setting - # below their system default. The sysinternals 'clockres' tool can confirm your system's default - # setting. - windows_timer_interval: {{ .Params.WINDOWS_TIMER_INTERVAL }} - - # Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from - # a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by - # the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys - # can still (and should!) be in the keystore and will be used on decrypt operations - # (to handle the case of key rotation). - # - # It is strongly recommended to download and install Java Cryptography Extension (JCE) - # Unlimited Strength Jurisdiction Policy Files for your version of the JDK. - # (current link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) - # - # Currently, only the following file types are supported for transparent data encryption, although - # more are coming in future cassandra releases: commitlog, hints - transparent_data_encryption_options: - enabled: false - chunk_length_kb: 64 - cipher: AES/CBC/PKCS5Padding - key_alias: testing:1 - # CBC IV length for AES needs to be 16 bytes (which is also the default size) - # iv_length: 16 - key_provider: - - class_name: org.apache.cassandra.security.JKSKeyProvider - parameters: - - keystore: conf/.keystore - keystore_password: cassandra - store_type: JCEKS - key_password: cassandra - - ##################### - # SAFETY THRESHOLDS # - ##################### - - # When executing a scan, within or across a partition, we need to keep the - # tombstones seen in memory so we can return them to the coordinator, which - # will use them to make sure other replicas also know about the deleted rows. - # With workloads that generate a lot of tombstones, this can cause performance - # problems and even exaust the server heap. - # (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets) - # Adjust the thresholds here if you understand the dangers and want to - # scan more tombstones anyway. These thresholds may also be adjusted at runtime - # using the StorageService mbean. - tombstone_warn_threshold: {{ .Params.TOMBSTONE_WARN_THRESHOLD }} - tombstone_failure_threshold: {{ .Params.TOMBSTONE_FAILURE_THRESHOLD }} - - # Log WARN on any multiple-partition batch size exceeding this value. 5kb per batch by default. - # Caution should be taken on increasing the size of this threshold as it can lead to node instability. - batch_size_warn_threshold_in_kb: {{ .Params.BATCH_SIZE_WARN_THRESHOLD_IN_KB }} - - # Fail any multiple-partition batch exceeding this value. 50kb (10x warn threshold) by default. - batch_size_fail_threshold_in_kb: {{ .Params.BATCH_SIZE_FAIL_THRESHOLD_IN_KB }} - - # Log WARN on any batches not of type LOGGED than span across more partitions than this limit - unlogged_batch_across_partitions_warn_threshold: {{ .Params.UNLOGGED_BATCH_ACROSS_PARTITIONS_WARN_THRESHOLD }} - - # Log a warning when compacting partitions larger than this value - compaction_large_partition_warning_threshold_mb: {{ .Params.COMPACTION_LARGE_PARTITION_WARNING_THRESHOLD_MB }} - - # GC Pauses greater than gc_warn_threshold_in_ms will be logged at WARN level - # Adjust the threshold based on your application throughput requirement - # By default, Cassandra logs GC Pauses greater than 200 ms at INFO level - gc_warn_threshold_in_ms: {{ .Params.GC_WARN_THRESHOLD_IN_MS }} - - # Maximum size of any value in SSTables. Safety measure to detect SSTable corruption - # early. Any value size larger than this threshold will result into marking an SSTable - # as corrupted. This should be positive and less than 2048. - {{ if .Params.MAX_VALUE_SIZE_IN_MB }} - max_value_size_in_mb: {{ .Params.MAX_VALUE_SIZE_IN_MB }} - {{ end }} - - # Back-pressure settings # - # If enabled, the coordinator will apply the back-pressure strategy specified below to each mutation - # sent to replicas, with the aim of reducing pressure on overloaded replicas. - back_pressure_enabled: {{ .Params.BACK_PRESSURE_ENABLED }} - # The back-pressure strategy applied. - # The default implementation, RateBasedBackPressure, takes three arguments: - # high ratio, factor, and flow type, and uses the ratio between incoming mutation responses and outgoing mutation requests. - # If below high ratio, outgoing mutations are rate limited according to the incoming rate decreased by the given factor; - # if above high ratio, the rate limiting is increased by the given factor; - # such factor is usually best configured between 1 and 10, use larger values for a faster recovery - # at the expense of potentially more dropped mutations; - # the rate limiting is applied according to the flow type: if FAST, it's rate limited at the speed of the fastest replica, - # if SLOW at the speed of the slowest one. - # New strategies can be added. Implementors need to implement org.apache.cassandra.net.BackpressureStrategy and - # provide a public constructor accepting a Map. - back_pressure_strategy: - - class_name: {{ .Params.BACK_PRESSURE_STRATEGY_CLASS_NAME }} - parameters: - - high_ratio: {{ .Params.BACK_PRESSURE_STRATEGY_HIGH_RATIO }} - factor: {{ .Params.BACK_PRESSURE_STRATEGY_FACTOR }} - flow: {{ .Params.BACK_PRESSURE_STRATEGY_FLOW }} - # Coalescing Strategies # - # Coalescing multiples messages turns out to significantly boost message processing throughput (think doubling or more). - # On bare metal, the floor for packet processing throughput is high enough that many applications won't notice, but in - # virtualized environments, the point at which an application can be bound by network packet processing can be - # surprisingly low compared to the throughput of task processing that is possible inside a VM. It's not that bare metal - # doesn't benefit from coalescing messages, it's that the number of packets a bare metal network interface can process - # is sufficient for many applications such that no load starvation is experienced even without coalescing. - # There are other benefits to coalescing network messages that are harder to isolate with a simple metric like messages - # per second. By coalescing multiple tasks together, a network thread can process multiple messages for the cost of one - # trip to read from a socket, and all the task submission work can be done at the same time reducing context switching - # and increasing cache friendliness of network message processing. - # See CASSANDRA-8692 for details. - - # Strategy to use for coalescing messages in OutboundTcpConnection. - # Can be fixed, movingaverage, timehorizon, disabled (default). - # You can also specify a subclass of CoalescingStrategies.CoalescingStrategy by name. - {{ if .Params.OTC_COALESCING_STRATEGY }} - otc_coalescing_strategy: {{ .Params.OTC_COALESCING_STRATEGY }} - {{ end }} - - # How many microseconds to wait for coalescing. For fixed strategy this is the amount of time after the first - # message is received before it will be sent with any accompanying messages. For moving average this is the - # maximum amount of time that will be waited as well as the interval at which messages must arrive on average - # for coalescing to be enabled. - {{ if .Params.OTC_COALESCING_WINDOW_US }} - otc_coalescing_window_us: {{ .Params.OTC_COALESCING_WINDOW_US }} - {{ end }} - - # Do not try to coalesce messages if we already got that many messages. This should be more than 2 and less than 128. - {{ if .Params.OTC_COALESCING_ENOUGH_COALESCED_MESSAGES }} - otc_coalescing_enough_coalesced_messages: {{ .Params.OTC_COALESCING_ENOUGH_COALESCED_MESSAGES }} - {{ end }} - - # How many milliseconds to wait between two expiration runs on the backlog (queue) of the OutboundTcpConnection. - # Expiration is done if messages are piling up in the backlog. Droppable messages are expired to free the memory - # taken by expired messages. The interval should be between 0 and 1000, and in most installations the default value - # will be appropriate. A smaller value could potentially expire messages slightly sooner at the expense of more CPU - # time and queue contention while iterating the backlog of messages. - # An interval of 0 disables any wait time, which is the behavior of former Cassandra versions. - # - {{ if .Params.OTC_BACKLOG_EXPIRATION_INTERVAL_MS }} - otc_backlog_expiration_interval_ms: {{ .Params.OTC_BACKLOG_EXPIRATION_INTERVAL_MS }} - {{ end }} - - # Enables SASI index creation on this node. - # SASI indexes are considered experimental and are not recommended for production use. - {{ if .Params.ENABLE_SASI_INDEXES }} - enable_sasi_indexes: {{ .Params.ENABLE_SASI_INDEXES }} - {{ end }} - - {{ if .Params.CUSTOM_CASSANDRA_YAML_BASE64 }} - {{ .Params.CUSTOM_CASSANDRA_YAML_BASE64 | b64dec }} - {{ end }} - EOF - diff --git a/repository/cassandra/3.11/operator/templates/generate-cqlshrc-sh.yaml b/repository/cassandra/3.11/operator/templates/generate-cqlshrc-sh.yaml deleted file mode 100644 index d777048..0000000 --- a/repository/cassandra/3.11/operator/templates/generate-cqlshrc-sh.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-generate-cqlshrc-sh - namespace: {{ .Namespace }} -data: - generate-cqlshrc.sh: | - cat <> ~/.cassandra/cqlshrc - [connection] - factory = cqlshlib.ssl.ssl_transport_factory - hostname = ${POD_NAME}.{{ .Name }}-svc.{{ .Namespace }}.svc.cluster.local - port = {{ .Params.NATIVE_TRANSPORT_PORT }} - {{ if eq .Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true" }} - ssl = true - {{ end }} - - {{ if eq .Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true" }} - [ssl] - certfile = /etc/tls/certs/tls.crt - {{ if eq .Params.TRANSPORT_ENCRYPTION_CLIENT_REQUIRE_CLIENT_AUTH "true" }} - userkey = /etc/tls/certs/tls.key - usercert = /etc/tls/certs/tls.crt - {{ end }} - {{ end }} - - {{ if .Params.AUTHENTICATION_SECRET_NAME }} - [authentication] - username = $(cat /etc/cassandra/authentication/username) - password = $(cat /etc/cassandra/authentication/password) - {{ end }} - EOT diff --git a/repository/cassandra/3.11/operator/templates/generate-nodetool-ssl-properties.yaml b/repository/cassandra/3.11/operator/templates/generate-nodetool-ssl-properties.yaml deleted file mode 100644 index c2b7616..0000000 --- a/repository/cassandra/3.11/operator/templates/generate-nodetool-ssl-properties.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-generate-nodetool-ssl-properties - namespace: {{ .Namespace }} -data: - generate-nodetool-ssl-properties.sh: | - #!/usr/bin/env bash - - set -euxo pipefail - - set +x - readonly truststore_password=$(cat /etc/cassandra/truststore/truststore_password) - readonly keystore_password=$(cat /etc/cassandra/truststore/keystore_password) - - cat < /etc/cassandra/nodetool-ssl.properties - {{ if ne .Params.JMX_LOCAL_ONLY "true" }} - -Dcom.sun.management.jmxremote.ssl=true - -Dcom.sun.management.jmxremote.ssl.need.client.auth=true - -Dcom.sun.management.jmxremote.registry.ssl=true - -Djavax.net.ssl.keyStore=/etc/cassandra/tls/cassandra.server.keystore.jks - -Djavax.net.ssl.keyStorePassword=${keystore_password} - -Djavax.net.ssl.trustStore=/etc/cassandra/tls/cassandra.server.truststore.jks - -Djavax.net.ssl.trustStorePassword=${truststore_password} - {{ end }} - EOF diff --git a/repository/cassandra/3.11/operator/templates/generate-tls-artifacts-sh.yaml b/repository/cassandra/3.11/operator/templates/generate-tls-artifacts-sh.yaml deleted file mode 100644 index 066ddd4..0000000 --- a/repository/cassandra/3.11/operator/templates/generate-tls-artifacts-sh.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-generate-tls-artifacts-sh - namespace: {{ .Namespace }} -data: - generate-tls-artifacts.sh: | - #!/usr/bin/env bash - - set -euxo pipefail - - mkdir -p /etc/cassandra/tls - pushd /etc/cassandra/tls - - readonly certificate="tls.crt" - readonly private_key="tls.key" - - set +x - readonly truststore_password=$(cat /etc/cassandra/truststore/truststore_password) - readonly keystore_password=$(cat /etc/cassandra/truststore/keystore_password) - - # In days. - readonly validity=900 - - readonly server_keystore="cassandra.server.keystore.jks" - readonly server_truststore="cassandra.server.truststore.jks" - readonly client_truststore="cassandra.client.truststore.jks" - - # Copy CA authority certificate and key obtained from secrets. - cp "/etc/tls/certs/${certificate}" "/etc/cassandra/tls/${certificate}" - cp "/etc/tls/certs/${private_key}" "/etc/cassandra/tls/${private_key}" - - # Generate keystore and truststore. - keytool -keystore "${server_keystore}" \ - -alias localhost \ - -validity ${validity} \ - -genkey \ - -keyalg RSA \ - -dname "CN=$(hostname -f)" \ - -storepass "${truststore_password}" \ - -keypass "${keystore_password}" \ - -noprompt - - # Add the CACert to the client and server truststores so that clients and - # server can trust this CA. - keytool -keystore "${client_truststore}" \ - -alias CARoot \ - -import \ - -file "/etc/cassandra/tls/${certificate}" \ - -storepass "${truststore_password}" \ - -noprompt - - keytool -keystore "${server_truststore}" \ - -alias CARoot \ - -importcert \ - -file "/etc/cassandra/tls/${certificate}" \ - -storepass "${truststore_password}" \ - -noprompt - - # Create a certificate signing request. - keytool -keystore "${server_keystore}" \ - -alias localhost \ - -certreq \ - -file cert-req \ - -storepass "${truststore_password}" - - # Add openssl certificate signing extension config file. - cat > csr.conf <= 16GB) heaps by delaying region scanning - # until the heap is 70% full. The default in Hotspot 8u40 is 40%. - {{ if .Params.JVM_OPT_INITIATING_HEAP_OCCUPANCY_PERCENT }} - -XX:InitiatingHeapOccupancyPercent={{ .Params.JVM_OPT_INITIATING_HEAP_OCCUPANCY_PERCENT }} - {{ end }} - - # For systems with > 8 cores, the default ParallelGCThreads is 5/8 the number of logical cores. - # Otherwise equal to the number of cores when 8 or less. - # Machines with > 10 cores should try setting these to <= full cores. - # -XX:ParallelGCThreads=16 - # By default, ConcGCThreads is 1/4 of ParallelGCThreads. - # Setting both to the same value can reduce STW durations. - {{ if .Params.JVM_OPT_CONC_GC_THREADS }} - -XX:ConcGCThreads={{ .Params.JVM_OPT_CONC_GC_THREADS }} - {{ end }} - - ### GC logging options -- uncomment to enable - - -XX:+PrintGCDetails - -XX:+PrintGCDateStamps - -XX:+PrintHeapAtGC - -XX:+PrintTenuringDistribution - -XX:+PrintGCApplicationStoppedTime - -XX:+PrintPromotionFailure - - {{ if .Params.JVM_OPT_PRINT_FLS_STATISTICS }} - -XX:PrintFLSStatistics={{ .Params.JVM_OPT_PRINT_FLS_STATISTICS }} - {{ end }} - - {{ if .Params.JVM_OPT_GC_LOG_DIRECTORY }} - -Xloggc:{{ .Params.JVM_OPT_GC_LOG_DIRECTORY }} - {{ end }} - - -XX:+UseGCLogFileRotation - - {{ if .Params.JVM_OPT_NUMBER_OF_GC_LOG_FILES }} - -XX:NumberOfGCLogFiles={{ .Params.JVM_OPT_NUMBER_OF_GC_LOG_FILES }} - {{ end }} - - {{ if .Params.JVM_OPT_GC_LOG_FILE_SIZE }} - -XX:GCLogFileSize={{ .Params.JVM_OPT_GC_LOG_FILE_SIZE }} - {{ end }} - - ### Allow the JVM to read CGgroup memory information. This is JDK 8/9 - ### specific and deprecated on JDK 10. It will have to be removed for - ### Cassandra 4.0 which will use JDK 11. - -XX:+UnlockExperimentalVMOptions - -XX:+UseCGroupMemoryLimitForHeap - - {{ if .Params.CUSTOM_JVM_OPTIONS_BASE64 }} - {{ .Params.CUSTOM_JVM_OPTIONS_BASE64 | b64dec }} - {{ end }} diff --git a/repository/cassandra/3.11/operator/templates/medusa-config-ini.yaml b/repository/cassandra/3.11/operator/templates/medusa-config-ini.yaml deleted file mode 100644 index fe32564..0000000 --- a/repository/cassandra/3.11/operator/templates/medusa-config-ini.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-cassandra-medusa-ini - namespace: {{ .Namespace }} -data: - medusa.ini: | - [cassandra] - ; We don't stop medusa, so noop here - stop_cmd = true - - ; We don't start cassandra with medusa, but we need the token-map for correct startup. We have a bash - ; script that captures the parameter that is passed to cassandra and store it for the real startup - start_cmd = /etc/cassandra/restore-capture-tokenmap.sh - - ;config_file = - - ; These four lines are adjusted bei node-scripts/prepare-medusa-ini.sh if authn is enabled - ;cql_username = - ;cql_password = - ;nodetool_username = - ;nodetool_password_file_path = - - ;nodetool_host = {{ .Name }}-node-0.{{ .Name }}-svc.{{ .Namespace }}.svc.cluster.local - nodetool_host = localhost - nodetool_port = {{ .Params.JMX_PORT }} - {{ if ne .Params.JMX_LOCAL_ONLY "true" }} - nodetool_ssl = true - {{ end }} - - ; Command ran to verify if Cassandra is running on a node. Defaults to "nodetool version" - ;check_running = nodetool version - - [storage] - storage_provider = {{ .Params.BACKUP_AWS_S3_STORAGE_PROVIDER }} - ; storage_provider should be either of "local", "google_storage" or the s3_* values from - ; https://github.com/apache/libcloud/blob/trunk/libcloud/storage/types.py - - ; Name of the bucket used for storing backups - bucket_name = {{ .Params.BACKUP_AWS_S3_BUCKET_NAME }} - - ; JSON key file for service account with access to GCS bucket or AWS credentials file (home-dir/.aws/credentials) - ; aneumann: This does not work correctly with aws_security_token, therefore we inject the credentials via ENV-variables - ;key_file = /home/cassandra/.aws/credentials - - ; Path of the local storage bucket (used only with 'local' storage provider) - ;base_path = /path/to/backups - - ; Any prefix used for multitenancy in the same bucket - {{ if .Params.BACKUP_PREFIX }} - prefix = {{ .Params.BACKUP_PREFIX }} - {{ end }} - - ;fqdn = - - ; TODO aneumann: Make a parameter out of these two and test it - ; Number of days before backups are purged. 0 means backups don't get purged by age (default) - max_backup_age = 0 - ; Number of backups to retain. Older backups will get purged beyond that number. 0 means backups don't get purged by count (default) - max_backup_count = 0 - ; Both thresholds can be defined for backup purge. - - ; Used to throttle S3 backups/restores: - ; TODO aneumann: Make a parameter out of this - transfer_max_bandwidth = 50MB/s - - ; Max number of downloads/uploads. Not used by the GCS backend. - concurrent_transfers = 1 - - ; Size over which S3 uploads will be using the awscli with multi part uploads. Defaults to 100MB. - multi_part_upload_threshold = 104857600 - - [monitoring] - ;monitoring_provider = - - [ssh] - ;username = - ;key_file = - - [checks] - ;health_check = - ;query = - ;expected_rows = - ;expected_result = - - [logging] - ; Controls file logging, disabled by default. - ; enabled = 0 - ; file = medusa.log - level = DEBUG - - ; Control the log output format - ; format = [%(asctime)s] %(levelname)s: %(message)s - - ; Size over which log file will rotate - ; maxBytes = 20000000 - - ; How many log files to keep - ; backupCount = 50 \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/node-rbac.yaml b/repository/cassandra/3.11/operator/templates/node-rbac.yaml deleted file mode 100644 index 71e8295..0000000 --- a/repository/cassandra/3.11/operator/templates/node-rbac.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Name }}-node-role - namespace: {{ .Namespace }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Name }}-node-{{ .Namespace }}-binding -subjects: - - kind: ServiceAccount - name: {{ .Name }}-sa - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Name }}-node-role diff --git a/repository/cassandra/3.11/operator/templates/node-resolver-rbac.yaml b/repository/cassandra/3.11/operator/templates/node-resolver-rbac.yaml deleted file mode 100644 index 45fb2da..0000000 --- a/repository/cassandra/3.11/operator/templates/node-resolver-rbac.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Name }}-{{ .Namespace }}-node-role -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Name }}-{{ .Namespace }}-node-role-binding -subjects: - - kind: ServiceAccount - name: {{ .Name }}-sa - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Name }}-{{ .Namespace }}-node-role \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/node-scripts.yaml b/repository/cassandra/3.11/operator/templates/node-scripts.yaml deleted file mode 100644 index 629f9b7..0000000 --- a/repository/cassandra/3.11/operator/templates/node-scripts.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{ $auth_params := "" }} -{{ if .Params.AUTHENTICATION_SECRET_NAME }} -{{ $auth_params = "-u $(cat /etc/cassandra/authentication/username) -pwf <(paste -d ' ' /etc/cassandra/authentication/username /etc/cassandra/authentication/password)" }} -{{ end }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Name }}-node-scripts - namespace: {{ .Namespace }} -data: - node-drain.sh: | - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - nodetool {{ $auth_params }} --ssl drain - {{ else }} - nodetool {{ $auth_params }} drain - {{ end }} - node-readiness-probe.sh: | - IS_NATIVE_TRANSPORT_RUNNING=`curl -s localhost:{{ $.Params.JOLOKIA_PORT }}/jolokia/read/org.apache.cassandra.db:type=StorageService/NativeTransportRunning | jq .value` - IS_NODE_LIVE=`curl -s localhost:{{ $.Params.JOLOKIA_PORT }}/jolokia/read/org.apache.cassandra.db:type=StorageService/LiveNodes | jq .value | grep -E ${POD_IP}` - echo "Native Transport Running: $IS_NATIVE_TRANSPORT_RUNNING, Live Node: $IS_NODE_LIVE (Expecting ${POD_IP})" - [[ $IS_NATIVE_TRANSPORT_RUNNING == "true" ]] && [[ $IS_NODE_LIVE != "" ]] - node-liveness-probe.sh: | - DEADLOCKED_THREADS=`curl -s localhost:{{ $.Params.JOLOKIA_PORT }}/jolokia/exec/java.lang:type=Threading/findDeadlockedThreads | jq .value` - echo "Deadlocked Threads: $DEADLOCKED_THREADS" - [[ $DEADLOCKED_THREADS == "null" ]] - generate-rackdc-properties.sh: | - # Generate the rackdc-properties - RACK=`kubectl get node -L$RACKLABEL | grep ${NODE_NAME} | awk '{print $6}'` - cat < /etc/cassandra/cassandra-rackdc.properties - dc=$CASSANDRA_DATACENTER - rack=$RACK - EOF - node-token-save.sh: | - # Used to capture the token map from a newly created cluster and save it - # Not used at the moment - if [ ! -f /var/lib/cassandra/token_map ]; then - while [ -z $NODE_TOKENS ]; do - NODE_ID=`nodetool info | grep ID | sed -n -e 's/ID[[:space:]]*\:[[:space:]]*\(.*\)$/\1/p'` - NODE_IP=`nodetool status | grep $NODE_ID | sed -n -e 's/UN[[:space:]]*\([0-9.]*\)[[:space:]]*.*/\1/p'` - NODE_TOKENS=`nodetool ring | grep $NODE_IP | awk '{ print $8 }' ORS=',' | sed 's/,$//'` - echo $NODE_TOKENS > /var/lib/cassandra/token_map - done - fi - restore-capture-tokenmap.sh: | - # Used as a start command for medusa restore to redirect the passed in token map for the actual startup - if [ ! -z "$JVM_OPTS" ]; then - echo "$JVM_OPTS" | sed -n -e 's/-Dcassandra.initial_token=\([-0-9,]*\)[[:space:]].*/\1/p' > /var/lib/cassandra/token_map - fi - prepare-medusa-ini.sh: | - # Adds JMX username and password_file to medusa config. - # Expects the original medusa config /etc/medusa/medusa.init.orig - # Expects JMX credentials in /etc/cassandra/authentication/username|password - cp /etc/medusa/medusa.ini.orig /etc/medusa/medusa.ini; - {{ if .Params.AUTHENTICATION_SECRET_NAME }} - echo `paste -d ' ' /etc/cassandra/authentication/username /etc/cassandra/authentication/password` > /etc/medusa/nodetool_password_file; - sed -i "/nodetool_password_file_path/c\\nodetool_password_file_path = /etc/medusa/nodetool_password_file" /etc/medusa/medusa.ini; - sed -i "/nodetool_username/c\\nodetool_username = $(cat /etc/cassandra/authentication/username)" /etc/medusa/medusa.ini; - sed -i "/cql_username/c\\cql_username = $(cat /etc/cassandra/authentication/username)" /etc/medusa/medusa.ini; - sed -i "/cql_password/c\\cql_password = $(cat /etc/cassandra/authentication/password)" /etc/medusa/medusa.ini; - {{ end }} - init-container-restore.sh: | - # Used to restore data in the init container of medusa - DATA_DIR=/var/lib/cassandra/data - if [ ! -d ${DATA_DIR} ] || [ -z "$(ls -A -- "${DATA_DIR}")" ]; then - FQDN="{{ .Params.RESTORE_OLD_NAME }}-node-$POD_ID.{{ .Params.RESTORE_OLD_NAME }}-svc.{{ .Params.RESTORE_OLD_NAMESPACE }}.svc.cluster.local" - echo "Start Restore for node '${FQDN}' from backup '{{ .Params.BACKUP_NAME }}' in prefix '{{ .Params.BACKUP_PREFIX }}'"; - mkdir -p ${DATA_DIR}; - /usr/local/bin/medusa --fqdn ${FQDN} restore-node --backup-name {{ .Params.BACKUP_NAME }} - else - echo "Skip Restore, the data directory for cassandra is not empty" - fi - wait-for-node-zero.sh: | - # With parallel startup of all nodes, we still need to make sure that the first node is reachable for all others, otherwise - # we may end up with separate clusters. So every node except node-0 waits for node-0 to be reachable - {{- if .Params.NODE_TOPOLOGY }} - NODE_ZERO={{ $.Name }}-{{ (index $.Params.NODE_TOPOLOGY 0).datacenter }}-node-0 - {{- else }} - NODE_ZERO={{ $.Name }}-node-0 - {{- end }} - echo "Testing if node $NODE_ZERO is reachable..."; - if [ "$POD_NAME" != "$NODE_ZERO" ]; then - while :; do cqlsh $NODE_ZERO.{{ $.Name }}-svc.{{ $.Namespace }}.svc.cluster.local -e "SELECT uuid() FROM system.local" > /dev/null 2>&1 && break; echo "Waiting for '$NODE_ZERO.{{ $.Name }}-svc.{{ $.Namespace }}.svc.cluster.local' to be available..."; sleep 5; done; - fi; diff --git a/repository/cassandra/3.11/operator/templates/pdb.yaml b/repository/cassandra/3.11/operator/templates/pdb.yaml deleted file mode 100644 index d9f25e5..0000000 --- a/repository/cassandra/3.11/operator/templates/pdb.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ $topology := list 1 }} -{{ $nodeCount := $.Params.NODE_COUNT}} -{{ if $.Params.NODE_TOPOLOGY }} -{{ $topology = $.Params.NODE_TOPOLOGY }} -{{ end }} -{{ range $datacenter := $topology }} -{{ if $.Params.NODE_TOPOLOGY }} - {{ $nodeCount := $datacenter.nodes }} -{{ end }} -{{ $minAvailable := sub $nodeCount 1}} ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - {{ if $.Params.NODE_TOPOLOGY }} - name: {{ $.Name }}-{{ $datacenter.datacenter }}-pdb - {{ else }} - name: {{ $.Name }}-pdb - {{ end }} - namespace: {{ $.Namespace }} -spec: - selector: - matchLabels: - app: {{ $.Name }} - cassandra: {{ $.OperatorName }} - {{ if $.Params.NODE_TOPOLOGY }} - cassandra-dc: {{ $.OperatorName }}-{{ $datacenter.datacenter }} - {{ end }} - kudo.dev/instance: {{ $.Name }} - minAvailable: {{ $minAvailable }} -{{ end }} \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/recovery-controller-rbac.yaml b/repository/cassandra/3.11/operator/templates/recovery-controller-rbac.yaml deleted file mode 100644 index ea0a275..0000000 --- a/repository/cassandra/3.11/operator/templates/recovery-controller-rbac.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Name }}-recovery-role -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "delete"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "delete"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Name }}-recovery-controller - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Name }}-recovery-rolebinding -subjects: - - kind: ServiceAccount - name: {{ .Name }}-recovery-controller - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Name }}-recovery-role \ No newline at end of file diff --git a/repository/cassandra/3.11/operator/templates/recovery-controller.yaml b/repository/cassandra/3.11/operator/templates/recovery-controller.yaml deleted file mode 100644 index 00b3d9a..0000000 --- a/repository/cassandra/3.11/operator/templates/recovery-controller.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ $.Name }}-recovery-controller - namespace: {{ $.Namespace }} - labels: - app: {{ $.Name }}-recovery-controller -spec: - selector: - matchLabels: - app: {{ $.Name }}-recovery-controller - serviceName: {{ $.Name }}-svc - replicas: 1 - template: - metadata: - labels: - app: {{ $.Name }}-recovery-controller - kudo.dev/instance: {{ $.Name }} - spec: - serviceAccount: {{ $.Name }}-recovery-controller - containers: - - name: recovery-controller - image: {{ $.Params.RECOVERY_CONTROLLER_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.RECOVERY_CONTROLLER_DOCKER_IMAGE_PULL_POLICY }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_NAME - value: {{ $.Name }} - - name: EVICTION_LABEL - value: "kudo-cassandra/evict" - resources: - requests: - memory: "{{ $.Params.RECOVERY_CONTROLLER_MEM_MIB }}Mi" - cpu: "{{ $.Params.RECOVERY_CONTROLLER_CPU_MC }}m" - limits: - memory: "{{ $.Params.RECOVERY_CONTROLLER_MEM_LIMIT_MIB }}Mi" - cpu: "{{ $.Params.RECOVERY_CONTROLLER_CPU_LIMIT_MC }}m" diff --git a/repository/cassandra/3.11/operator/templates/repair-job.yaml b/repository/cassandra/3.11/operator/templates/repair-job.yaml deleted file mode 100644 index c8687db..0000000 --- a/repository/cassandra/3.11/operator/templates/repair-job.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ $auth_params := "" }} -{{ if .Params.AUTHENTICATION_SECRET_NAME }} -{{ $auth_params = "-u \\\\$(cat /etc/cassandra/authentication/username) -pwf <(paste -d ' ' /etc/cassandra/authentication/username /etc/cassandra/authentication/password)" }} -{{ end }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $.Name }}-node-repair-job - namespace: {{ $.Namespace }} - labels: - cassandra: {{ $.OperatorName }} - app: {{ $.Name }} -spec: - backoffLimit: 0 - template: - spec: - containers: - - name: repair-job - image: bitnami/kubectl:{{ $.Params.KUBECTL_VERSION }} - command: ["/bin/bash"] - args: [ "-c", "kubectl exec {{ $.Params.REPAIR_POD }} -- /bin/bash -c \"nodetool {{ $auth_params }} repair\""] - restartPolicy: Never - serviceAccountName: {{ .Name }}-sa diff --git a/repository/cassandra/3.11/operator/templates/service-monitor.yaml b/repository/cassandra/3.11/operator/templates/service-monitor.yaml deleted file mode 100644 index 6f0ef70..0000000 --- a/repository/cassandra/3.11/operator/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Name }}-monitor - namespace: {{ .Namespace }} - labels: - app: prometheus-operator - release: prometheus-kubeaddons -spec: - endpoints: - - interval: 30s - port: prometheus-exporter-port - namespaceSelector: - matchNames: - - {{ .Namespace }} - selector: - matchLabels: - kudo.dev/instance: {{ .Name }} - kudo.dev/servicemonitor: "true" diff --git a/repository/cassandra/3.11/operator/templates/service.yaml b/repository/cassandra/3.11/operator/templates/service.yaml deleted file mode 100644 index 659a612..0000000 --- a/repository/cassandra/3.11/operator/templates/service.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Name }}-svc - namespace: {{ .Namespace }} - {{ if eq .Params.PROMETHEUS_EXPORTER_ENABLED "true" }} - labels: - kudo.dev/servicemonitor: "true" - {{ end }} -spec: - ports: - - port: {{ .Params.STORAGE_PORT }} - name: storage - - port: {{ .Params.SSL_STORAGE_PORT }} - name: ssl-storage - - port: {{ .Params.NATIVE_TRANSPORT_PORT }} - name: native-transport - {{ if eq .Params.START_RPC "true" }} - - port: {{ .Params.RPC_PORT }} - name: rpc - {{ end }} - {{ if ne .Params.JMX_LOCAL_ONLY "true" }} - - port: {{ .Params.JMX_PORT }} - name: jmx - - port: {{ .Params.RMI_PORT }} - name: rmi - {{ end }} - {{ if eq .Params.PROMETHEUS_EXPORTER_ENABLED "true" }} - - port: {{ .Params.PROMETHEUS_EXPORTER_PORT }} - name: prometheus-exporter-port - {{ end }} - selector: - app: {{ .Name }} - kudo.dev/instance: {{ .Name }} diff --git a/repository/cassandra/3.11/operator/templates/stateful-set.yaml b/repository/cassandra/3.11/operator/templates/stateful-set.yaml deleted file mode 100644 index 49a44d2..0000000 --- a/repository/cassandra/3.11/operator/templates/stateful-set.yaml +++ /dev/null @@ -1,759 +0,0 @@ -{{ $topology := list 1 }} -{{ if $.Params.NODE_TOPOLOGY }} -{{ $topology = $.Params.NODE_TOPOLOGY }} -{{ end }} -{{ range $datacenter := $topology }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - {{ if $.Params.NODE_TOPOLOGY }} - name: {{ $.Name }}-{{ $datacenter.datacenter }}-node - {{ else }} - name: {{ $.Name }}-node - {{ end }} - namespace: {{ $.Namespace }} - labels: - cassandra: {{ $.OperatorName }} - app: {{ $.Name }} - annotations: - reloader.kudo.dev/auto: "true" -spec: - selector: - matchLabels: - app: {{ $.Name }} - cassandra: {{ $.OperatorName }} - serviceName: {{ $.Name }}-svc - {{ if $.Params.NODE_TOPOLOGY }} - replicas: {{ $datacenter.nodes }} - {{ else }} - replicas: {{ $.Params.NODE_COUNT }} - {{ end }} - podManagementPolicy: {{ $.Params.POD_MANAGEMENT_POLICY }} - template: - metadata: - labels: - app: {{ $.Name }} - cassandra: {{ $.OperatorName }} - {{ if $.Params.NODE_TOPOLOGY }} - cassandra-dc: {{ $.OperatorName }}-{{ $datacenter.datacenter }} - {{ end }} - kudo.dev/instance: {{ $.Name }} - spec: - serviceAccountName: {{ $.Name }}-sa - {{ if $.Params.NODE_TOPOLOGY }} - nodeSelector: - {{ range $k, $v := $datacenter.datacenterLabels }} - {{ $k }}: {{ $v }} - {{ end }} - {{ end }} - {{ if $.Params.NODE_TOLERATIONS }} - tolerations: -{{ toYaml $.Params.NODE_TOLERATIONS | trim | indent 6 }} - {{ end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "kudo-cassandra/cordon" - operator: DoesNotExist - {{ if $.Params.NODE_TOPOLOGY }} - - key: {{ $datacenter.rackLabelKey }} - operator: In - values: - {{ range $rack := $datacenter.racks }} - - {{ $rack.rackLabelValue }} - {{ end }} - {{ end }} - podAntiAffinity: - {{ if (eq $.Params.NODE_ANTI_AFFINITY "true") }} - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ $.Name }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{ if $.Params.NODE_TOPOLOGY }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ $.Name }} - topologyKey: "{{ $datacenter.rackLabelKey }}" - {{ end }} - securityContext: - # FIXME(mpereira): are the two settings below necessary? - # allowPrivilegeEscalation: false - # privileged: false - runAsNonRoot: true - # 999 is the "cassandra" user created in the Dockerfile: - # https://github.com/docker-library/cassandra/blob/master/3.11/Dockerfile - runAsUser: 999 - runAsGroup: 999 - # fsGroup is necessary for setting volume mount directory gids. It needs - # to be specified at the pod level. - fsGroup: 999 - # FIXME(mpereira): sysctls need to be whitelisted at kubelet startup - # time. See https://jira.mesosphere.com/browse/DCOS-59219. - # sysctls: - # - name: fs.file-max - # value: "1048575" - # - name: vm.max_map_count - # value: "1048575" - # - name: vm.swapiness - # value: "1" - containers: - - name: cassandra - image: {{ $.Params.NODE_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.NODE_DOCKER_IMAGE_PULL_POLICY }} - securityContext: - capabilities: - add: - # TODO(mpereira): add an operator parameter for "memory lock" so - # that this capability and a respective Docker image with - # `setcap`ed binaries are conditionally used. - - IPC_LOCK - # FIXME(mpereira): might not be necessary given DCOS-59219. - - SYS_RESOURCE - lifecycle: - preStop: - exec: - command: - - /bin/bash - - /etc/cassandra/node-drain.sh - readinessProbe: - exec: - command: - - /bin/bash - - /etc/cassandra/node-readiness-probe.sh - initialDelaySeconds: {{ $.Params.NODE_READINESS_PROBE_INITIAL_DELAY_S }} - periodSeconds: {{ $.Params.NODE_READINESS_PROBE_PERIOD_S }} - timeoutSeconds: {{ $.Params.NODE_READINESS_PROBE_TIMEOUT_S }} - successThreshold: {{ $.Params.NODE_READINESS_PROBE_SUCCESS_THRESHOLD }} - failureThreshold: {{ $.Params.NODE_READINESS_PROBE_FAILURE_THRESHOLD }} - livenessProbe: - exec: - command: - - /bin/bash - - /etc/cassandra/node-liveness-probe.sh - initialDelaySeconds: {{ $.Params.NODE_LIVENESS_PROBE_INITIAL_DELAY_S }} - periodSeconds: {{ $.Params.NODE_LIVENESS_PROBE_PERIOD_S }} - timeoutSeconds: {{ $.Params.NODE_LIVENESS_PROBE_TIMEOUT_S }} - successThreshold: {{ $.Params.NODE_LIVENESS_PROBE_SUCCESS_THRESHOLD }} - failureThreshold: {{ $.Params.NODE_LIVENESS_PROBE_FAILURE_THRESHOLD }} - command: - - bash - - -c - args: - - /etc/cassandra/generate-cassandra-yaml.sh; - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - /etc/cassandra/generate-nodetool-ssl-properties.sh && - cp /etc/cassandra/nodetool-ssl.properties /home/cassandra/.cassandra/nodetool-ssl.properties; - {{ end }} - /etc/cassandra-bootstrap/bootstrap wait & - cassandra -f - # Comment the `command` above and uncomment the one below if pods are - # crash-looping and you would like to investigate their state. This is - # analogous to a `pod pause` in SDK-land. - # command: - # - bash - # - -c - # - "while true; do echo 'sleeping...'; sleep 5; done" - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: PROMETHEUS_EXPORTER_ENABLED - value: "{{ $.Params.PROMETHEUS_EXPORTER_ENABLED }}" - - name: CASSANDRA_IP_LOCK_CM - value: "{{ $.Name }}-topology-lock" - - name: BOOTSTRAP_TIMEOUT - value: "{{ $.Params.BOOTSTRAP_TIMEOUT }}" - - name: JMX_PORT - value: "{{ $.Params.JMX_PORT }}" - - name: USE_SSL - {{ if eq $.Params.JMX_LOCAL_ONLY "true" }} - value: "false" - {{ else }} - value: "true" - {{ end }} - resources: - requests: - memory: "{{ $.Params.NODE_MEM_MIB }}Mi" - cpu: "{{ $.Params.NODE_CPU_MC }}m" - limits: - memory: "{{ $.Params.NODE_MEM_LIMIT_MIB }}Mi" - cpu: "{{ $.Params.NODE_CPU_LIMIT_MC }}m" - # Port names can't be longer than 15 characters. - ports: - - containerPort: {{ $.Params.STORAGE_PORT }} - name: storage - - containerPort: {{ $.Params.SSL_STORAGE_PORT }} - name: ssl-storage - - containerPort: {{ $.Params.NATIVE_TRANSPORT_PORT }} - name: native - {{ if eq $.Params.START_RPC "true" }} - - containerPort: {{ $.Params.RPC_PORT }} - name: rpc - {{ end }} - - containerPort: {{ $.Params.JMX_PORT }} - name: jmx - volumeMounts: - - name: var-lib-cassandra - mountPath: /var/lib/cassandra/ - # Overwriting /etc/cassandra/ available in the Docker image. - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: truststore-credentials - mountPath: /etc/cassandra/truststore - readOnly: yes - - name: generate-cassandra-yaml - mountPath: /etc/cassandra/generate-cassandra-yaml.sh - subPath: generate-cassandra-yaml.sh - - name: cassandra-env-sh - mountPath: /etc/cassandra/cassandra-env.sh - subPath: cassandra-env.sh - - name: jvm-options - mountPath: /etc/cassandra/jvm.options - subPath: jvm.options - - name: node-scripts - mountPath: /etc/cassandra/node-drain.sh - subPath: node-drain.sh - - name: node-scripts - mountPath: /etc/cassandra/node-readiness-probe.sh - subPath: node-readiness-probe.sh - - name: node-scripts - mountPath: /etc/cassandra/node-liveness-probe.sh - subPath: node-liveness-probe.sh - - name: node-scripts - mountPath: /etc/cassandra/node-token-save.sh - subPath: node-token-save.sh - - name: dot-cassandra - mountPath: /home/cassandra/.cassandra/ - {{ if or (eq $.Params.TRANSPORT_ENCRYPTION_ENABLED "true") (eq $.Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true") (ne $.Params.JMX_LOCAL_ONLY "true") }} - - name: {{ $.Params.TLS_SECRET_NAME }} - mountPath: /etc/tls/certs - - name: generate-tls-artifacts - mountPath: /etc/tls/bin - {{ end }} - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: generate-nodetool-ssl-properties - mountPath: /etc/cassandra/generate-nodetool-ssl-properties.sh - subPath: generate-nodetool-ssl-properties.sh - {{ end }} - {{ if $.Params.AUTHENTICATION_SECRET_NAME }} - - name: authentication-secret - mountPath: /etc/cassandra/authentication - readOnly: true - {{ end }} - {{ if eq $.Params.PROMETHEUS_EXPORTER_ENABLED "true" }} - - name: prometheus-exporter - image: {{ $.Params.PROMETHEUS_EXPORTER_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.PROMETHEUS_EXPORTER_DOCKER_IMAGE_PULL_POLICY }} - command: - - bash - - -c - args: - - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - /etc/cassandra/generate-nodetool-ssl-properties.sh; - while IFS= read -r flag; do - JVM_OPTS="${JVM_OPTS} $flag"; - done < /etc/cassandra/nodetool-ssl.properties; - {{ end }} - bash -c /cassandra-exporter-config/setup.sh; - JVM_OPTS="${JVM_OPTS}" /sbin/dumb-init /bin/bash /run.sh; - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - resources: - requests: - memory: "{{ $.Params.PROMETHEUS_EXPORTER_MEM_MIB }}Mi" - cpu: "{{ $.Params.PROMETHEUS_EXPORTER_CPU_MC }}m" - limits: - memory: "{{ $.Params.PROMETHEUS_EXPORTER_MEM_LIMIT_MIB }}Mi" - cpu: "{{ $.Params.PROMETHEUS_EXPORTER_CPU_LIMIT_MC }}m" - volumeMounts: - - name: etc-cassandra-exporter - mountPath: /etc/cassandra_exporter/ - - name: cassandra-exporter-config-yml - mountPath: /cassandra-exporter-config/ - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: generate-nodetool-ssl-properties - mountPath: /etc/cassandra/generate-nodetool-ssl-properties.sh - subPath: generate-nodetool-ssl-properties.sh - {{ end }} - {{ if $.Params.PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME }} - - name: custom-exporter-configuration - mountPath: /custom-configuration - {{ end }} - {{ end }} - {{ if eq $.Params.BACKUP_RESTORE_ENABLED "true" }} - - name: medusa-backup - image: {{ $.Params.BACKUP_MEDUSA_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.BACKUP_MEDUSA_DOCKER_IMAGE_PULL_POLICY }} - command: - - bash - - -c - args: - - /etc/cassandra/generate-cassandra-yaml.sh; - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - /etc/cassandra/generate-nodetool-ssl-properties.sh && - cp /etc/cassandra/nodetool-ssl.properties /home/cassandra/.cassandra/nodetool-ssl.properties; - {{ end }} - /etc/cassandra/prepare-medusa-ini.sh; - sleep infinity - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: access-key - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: secret-key - - name: AWS_SECURITY_TOKEN - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: security-token - optional: true - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - resources: - requests: - memory: "{{ $.Params.BACKUP_MEDUSA_MEM_MIB }}Mi" - cpu: "{{ $.Params.BACKUP_MEDUSA_CPU_MC }}m" - limits: - memory: "{{ $.Params.BACKUP_MEDUSA_MEM_LIMIT_MIB }}Mi" - cpu: "{{ $.Params.BACKUP_MEDUSA_CPU_LIMIT_MC }}m" - ports: - - containerPort: 8082 - name: management - volumeMounts: - - name: var-lib-cassandra - mountPath: /var/lib/cassandra/ - # Overwriting /etc/cassandra/ available in the Docker image. - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: truststore-credentials - mountPath: /etc/cassandra/truststore - readOnly: yes - - name: generate-cassandra-yaml - mountPath: /etc/cassandra/generate-cassandra-yaml.sh - subPath: generate-cassandra-yaml.sh - - name: etc-medusa - mountPath: /etc/medusa/ - - name: cassandra-medusa-config-ini - mountPath: /etc/medusa/medusa.ini.orig - subPath: medusa.ini - - name: node-scripts - mountPath: /etc/cassandra/prepare-medusa-ini.sh - subPath: prepare-medusa-ini.sh - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: dot-cassandra - mountPath: /home/cassandra/.cassandra/ - - name: generate-nodetool-ssl-properties - mountPath: /etc/cassandra/generate-nodetool-ssl-properties.sh - subPath: generate-nodetool-ssl-properties.sh - {{ end }} - {{ if $.Params.AUTHENTICATION_SECRET_NAME }} - - name: authentication-secret - mountPath: /etc/cassandra/authentication - readOnly: true - {{ end }} - {{ end }} - initContainers: - {{ if $.Params.NODE_TOPOLOGY }} - - name: node-resolver - image: bitnami/kubectl:{{ $.Params.KUBECTL_VERSION }} - command: - - "sh" - - "-c" - - "/etc/cassandra/generate-rackdc-properties.sh" - env: - - name: RACKLABEL - value: "{{ $datacenter.rackLabelKey }}" - - name: CASSANDRA_DATACENTER - value: "{{ $datacenter.datacenter }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - volumeMounts: - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: node-scripts - mountPath: /etc/cassandra/generate-rackdc-properties.sh - subPath: generate-rackdc-properties.sh - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - {{ end }} - {{ if eq $.Params.RESTORE_FLAG "true" }} - - name: medusa-restore - image: {{ $.Params.BACKUP_MEDUSA_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.BACKUP_MEDUSA_DOCKER_IMAGE_PULL_POLICY }} - command: - - bash - - -c - args: - - /etc/cassandra/generate-cassandra-yaml.sh; - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - /etc/cassandra/generate-nodetool-ssl-properties.sh && - cp /etc/cassandra/nodetool-ssl.properties /home/cassandra/.cassandra/nodetool-ssl.properties; - {{ end }} - /etc/cassandra/prepare-medusa-ini.sh; - export POD_ID=`echo $POD_NAME | sed -n -e 's/.*-node-\([0-9]\{1,4\}\)$/\1/p'`; - /etc/cassandra/init-container-restore.sh - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: access-key - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: secret-key - - name: AWS_SECURITY_TOKEN - valueFrom: - secretKeyRef: - name: {{ $.Params.BACKUP_AWS_CREDENTIALS_SECRET }} - key: security-token - optional: true - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - resources: - requests: - memory: "{{ $.Params.BACKUP_MEDUSA_MEM_MIB }}Mi" - cpu: "{{ $.Params.BACKUP_MEDUSA_CPU_MC }}m" - limits: - memory: "{{ $.Params.BACKUP_MEDUSA_MEM_LIMIT_MIB }}Mi" - cpu: "{{ $.Params.BACKUP_MEDUSA_CPU_LIMIT_MC }}m" - volumeMounts: - - name: var-lib-cassandra - mountPath: /var/lib/cassandra/ - # Overwriting /etc/cassandra/ available in the Docker image. - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: truststore-credentials - mountPath: /etc/cassandra/truststore - readOnly: yes - - name: generate-cassandra-yaml - mountPath: /etc/cassandra/generate-cassandra-yaml.sh - subPath: generate-cassandra-yaml.sh - - name: etc-medusa - mountPath: /etc/medusa/ - - name: cassandra-medusa-config-ini - mountPath: /etc/medusa/medusa.ini.orig - subPath: medusa.ini - - name: node-scripts - mountPath: /etc/cassandra/restore-capture-tokenmap.sh - subPath: restore-capture-tokenmap.sh - - name: node-scripts - mountPath: /etc/cassandra/init-container-restore.sh - subPath: init-container-restore.sh - - name: node-scripts - mountPath: /etc/cassandra/prepare-medusa-ini.sh - subPath: prepare-medusa-ini.sh - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: dot-cassandra - mountPath: /home/cassandra/.cassandra/ - - name: generate-nodetool-ssl-properties - mountPath: /etc/cassandra/generate-nodetool-ssl-properties.sh - subPath: generate-nodetool-ssl-properties.sh - {{ end }} - {{ if $.Params.AUTHENTICATION_SECRET_NAME }} - - name: authentication-secret - mountPath: /etc/cassandra/authentication - readOnly: true - {{ end }} - {{ end }} - - name: bootstrap - image: {{ $.Params.NODE_DOCKER_IMAGE }} - imagePullPolicy: {{ $.Params.NODE_DOCKER_IMAGE_PULL_POLICY }} - securityContext: - capabilities: - add: - # TODO(mpereira): add an operator parameter for "memory lock" so - # that this capability and a respective Docker image with - # `setcap`ed binaries are conditionally used. - - IPC_LOCK - # FIXME(mpereira): might not be necessary given DCOS-59219. - - SYS_RESOURCE - command: - - bash - - -c - args: - - {{ if or (eq $.Params.TRANSPORT_ENCRYPTION_ENABLED "true") (eq $.Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true") (ne $.Params.JMX_LOCAL_ONLY "true") }} - /etc/tls/bin/generate-tls-artifacts.sh; - {{ end }} - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - /etc/cassandra/generate-nodetool-ssl-properties.sh && - cp /etc/cassandra/nodetool-ssl.properties /home/cassandra/.cassandra/nodetool-ssl.properties; - {{ end }} - /etc/cassandra/generate-cqlshrc.sh; - /etc/cassandra/wait-for-node-zero.sh; - /etc/cassandra-bootstrap/bootstrap init - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CASSANDRA_IP_LOCK_CM - value: "{{ $.Name }}-topology-lock" - - name: BOOTSTRAP_TIMEOUT - value: "{{ $.Params.BOOTSTRAP_TIMEOUT }}" - - name: SHUTDOWN_OLD_REACHABLE_NODE - value: "{{ $.Params.SHUTDOWN_OLD_REACHABLE_NODE }}" - - name: JMX_PORT - value: "{{ $.Params.JMX_PORT }}" - - name: USE_SSL - {{ if eq $.Params.JMX_LOCAL_ONLY "true" }} - value: "false" - {{ else }} - value: "true" - {{ end }} - volumeMounts: - - name: etc-cassandra - mountPath: /etc/cassandra/ - - name: var-lib-cassandra - mountPath: /var/lib/cassandra/ - - name: dot-cassandra - mountPath: /home/cassandra/.cassandra/ - - name: truststore-credentials - mountPath: /etc/cassandra/truststore - readOnly: yes - - name: generate-cqlshrc-sh - mountPath: /etc/cassandra/generate-cqlshrc.sh - subPath: generate-cqlshrc.sh - - name: node-scripts - mountPath: /etc/cassandra/wait-for-node-zero.sh - subPath: wait-for-node-zero.sh - {{ if or (eq $.Params.TRANSPORT_ENCRYPTION_ENABLED "true") (eq $.Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true") (ne $.Params.JMX_LOCAL_ONLY "true") }} - - name: {{ $.Params.TLS_SECRET_NAME }} - mountPath: /etc/tls/certs - - name: generate-tls-artifacts - mountPath: /etc/tls/bin - {{ end }} - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: generate-nodetool-ssl-properties - mountPath: /etc/cassandra/generate-nodetool-ssl-properties.sh - subPath: generate-nodetool-ssl-properties.sh - {{ end }} - {{ if $.Params.AUTHENTICATION_SECRET_NAME }} - - name: authentication-secret - mountPath: /etc/cassandra/authentication - readOnly: true - {{ end }} - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - volumes: - # Overwriting /etc/cassandra/ available in the Docker image. - - name: etc-cassandra - emptyDir: {} - - name: generate-cassandra-yaml - configMap: - name: {{ $.Name }}-generate-cassandra-yaml - defaultMode: 0755 - - name: cassandra-env-sh - configMap: - name: {{ $.Name }}-cassandra-env-sh - - name: jvm-options - configMap: - name: {{ $.Name }}-jvm-options - - name: node-scripts - configMap: - name: {{ $.Name }}-node-scripts - defaultMode: 0755 - - name: dot-cassandra - emptyDir: {} - - name: generate-cqlshrc-sh - configMap: - name: {{ $.Name }}-generate-cqlshrc-sh - defaultMode: 0755 - {{ if eq $.Params.PROMETHEUS_EXPORTER_ENABLED "true" }} - - name: cassandra-exporter-config-yml - configMap: - name: {{ $.Name }}-cassandra-exporter-config-yml - defaultMode: 0755 - - name: etc-cassandra-exporter - emptyDir: {} - {{ if $.Params.PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME }} - - name: custom-exporter-configuration - configMap: - name: {{ $.Params.PROMETHEUS_EXPORTER_CUSTOM_CONFIG_CM_NAME }} - {{ end }} - {{ end }} - {{ if eq $.Params.BACKUP_RESTORE_ENABLED "true" }} - - name: etc-medusa - emptyDir: {} - - name: cassandra-medusa-config-ini - configMap: - name: {{ $.Name }}-cassandra-medusa-ini - {{ end }} - {{ if or (eq $.Params.TRANSPORT_ENCRYPTION_ENABLED "true") (eq $.Params.TRANSPORT_ENCRYPTION_CLIENT_ENABLED "true") (ne $.Params.JMX_LOCAL_ONLY "true") }} - - name: {{ $.Params.TLS_SECRET_NAME }} - secret: - secretName: {{ $.Params.TLS_SECRET_NAME }} - - name: generate-tls-artifacts - configMap: - name: {{ $.Name }}-generate-tls-artifacts-sh - defaultMode: 0755 - {{ end }} - {{ if ne $.Params.JMX_LOCAL_ONLY "true" }} - - name: generate-nodetool-ssl-properties - configMap: - name: {{ $.Name }}-generate-nodetool-ssl-properties - defaultMode: 0755 - {{ end }} - {{ if $.Params.AUTHENTICATION_SECRET_NAME }} - - name: authentication-secret - secret: - secretName: {{ $.Params.AUTHENTICATION_SECRET_NAME }} - {{ end }} - - name: truststore-credentials - secret: - secretName: {{ $.Name }}-tls-store-credentials - volumeClaimTemplates: - - metadata: - name: var-lib-cassandra - # The annotation below result in the volume only be writable by Pods - # using the same GID. - # https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#access-control - annotations: - pv.beta.kubernetes.io/gid: "999" - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: "{{ $.Params.NODE_DISK_SIZE_GIB }}Gi" - {{ if $.Params.NODE_STORAGE_CLASS }} - storageClassName: {{ $.Params.NODE_STORAGE_CLASS }} - {{ end }} -{{ end }} diff --git a/repository/cassandra/3.11/operator/templates/tls-store-credentials.yaml b/repository/cassandra/3.11/operator/templates/tls-store-credentials.yaml deleted file mode 100644 index b6605e4..0000000 --- a/repository/cassandra/3.11/operator/templates/tls-store-credentials.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ $.Name}}-tls-store-credentials -type: Opaque -data: - keystore_password: Y2Fzc2FuZHJh - truststore_password: Y2Fzc2FuZHJh diff --git a/repository/cassandra/README.md b/repository/cassandra/README.md new file mode 100644 index 0000000..46d6d63 --- /dev/null +++ b/repository/cassandra/README.md @@ -0,0 +1,5 @@ +# Moved + +The Cassandra operator lives in a separate repository: https://github.com/mesosphere/kudo-cassandra-operator + +All changes should be made there \ No newline at end of file