
Kerberised Druid issue

Open manigarg31 opened this issue 1 year ago • 0 comments

I am running MM-less (MiddleManager-less) Kerberized Druid on k8s. But when a Kafka task runs, the peons use an IP address when they authenticate against Kerberos. Can someone help me with that?

Configuration:

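# Druid custom resource for the druid-operator: cluster-wide settings shared by
# every node group. Line structure restored from the collapsed paste; all keys
# and values are as posted.
apiVersion: "druid.apache.org/v1alpha1"
kind: "Druid"
metadata:
  name: druid
  namespace: druid
spec:
  image: apache-druid:28.0.1
  startScript: /druid.sh
  podLabels:
    app.kubernetes.io/instance: druid
    app.kubernetes.io/managed-by: druid-operator
    app.kubernetes.io/name: druid
  serviceAccount: druid
  readinessProbe:
    httpGet:
      path: /status/health
      port: 8088
  # NOTE(review): spec-level securityContext with UID/GID/fsGroup 0, so the Druid
  # containers presumably all run as root. A non-root UID with a matching
  # fsGroup would limit what a compromised service or task can do inside the pod
  # and on any hostPath volume it mounts.
  securityContext:
    fsGroup: 0
    runAsUser: 0
    runAsGroup: 0
  services:
    - spec:
        type: ClusterIP
        clusterIP: None
  commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common"
  # The three -Dsun.security.*.debug flags and -Dlog4j.debug turn on verbose
  # Kerberos/GSS/SPNEGO tracing on stdout. That is useful while diagnosing the
  # authentication problem in this issue, but the traces describe principals,
  # tickets and keytab handling, so they should be switched off again afterwards
  # and the pod logs treated as sensitive in the meantime.
  # -Djava.security.auth.login.config points every service at the JAAS file
  # mounted at /opt/druid/conf/druid/kafka_jaas.conf.
  jvm.options: |-
    -server
    -XX:MaxDirectMemorySize=10240g
    -Duser.timezone=UTC
    -Dfile.encoding=UTF-8
    -Dlog4j.debug
    -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
    -Djava.io.tmpdir=/druid/data
    -Dsun.security.krb5.debug=true
    -Dsun.security.jgss.debug=true
    -Dsun.security.spnego.debug=true
    -Djava.security.auth.login.config=/opt/druid/conf/druid/kafka_jaas.conf

  log4j.config: |-
    <Configuration status="WARN">
      <Appenders>
        <Console name="Console" target="SYSTEM_OUT">
          <PatternLayout pattern="%d{ISO8601} %p [%t] %c - %m%n"/>
        </Console>
      </Appenders>
      <Loggers>
        <Root level="info">
          <AppenderRef ref="Console"/>
        </Root>
      </Loggers>
    </Configuration>
  common.runtime.properties: |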

# Common runtime properties shared by all Druid services: Kubernetes-based
# discovery and task running (no ZooKeeper), MySQL metadata store, Google Cloud
# Storage for segments and task logs, Prometheus + logging emitters.

# K8S Service discovery
druid.zk.service.enabled=false
druid.serverview.type=http
druid.coordinator.loadqueuepeon.type=http
druid.indexer.runner.type=k8s
druid.discovery.type=k8s
druid.discovery.k8s.clusterIdentifier=druid
druid.indexer.task.encapsulatedTask=true
druid.indexer.runner.namespace=druid
druid.indexer.runner.capacity=10

# Metadata Store
druid.metadata.storage.type=mysql
druid.metadata.storage.connector.connectURI=jdbc:mysql://xxxx:3306/druid
# NOTE(review): the metadata store is accessed as the MySQL "root" account. A
# dedicated account restricted to the "druid" database would limit what a
# compromised Druid service can reach on that MySQL server.
druid.metadata.storage.connector.user=root
# Values in a .properties file are taken literally, so the double quotes are
# part of the secret. The value is redacted in this post; unlike the password on
# the next line it is written inline rather than read from the environment.
# NOTE(review): confirm where the real value is stored and who can read it.
druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxxx"
# The password is resolved from the METADATA_STORAGE_PASSWORD environment variable.
druid.metadata.storage.connector.password={ "type": "environment", "variable": "METADATA_STORAGE_PASSWORD" }

# Deep Storage
druid.storage.type=google
druid.google.bucket=druid
druid.google.prefix=druid/segments
# druid.storage.storageDirectory=/druid/deepstorage
#
# Extensions
#
# "druid-kubernetes-overlord-extensions" appears twice in this list.
# druid-basic-security is loaded next to druid-kerberos.
# NOTE(review): confirm the basic-security extension is still needed if only the
# Kerberos authenticator is in use.
druid.extensions.loadList=["druid-kafka-indexing-service", "druid-kubernetes-extensions","druid-google-extensions","druid-kubernetes-overlord-extensions","mysql-metadata-storage","prometheus-emitter","druid-kubernetes-overlord-extensions","druid-protobuf-extensions", "druid-avro-extensions", "druid-parquet-extensions", "druid-orc-extensions", "druid-datasketches","druid-kerberos","druid-basic-security"]

#
# Service discovery
#
druid.selectors.indexing.serviceName=druid/overlord
druid.selectors.coordinator.serviceName=druid/coordinator

# druid.indexer.logs.type=file
# druid.indexer.logs.directory=/druid/data/indexing-logs
# druid.lookup.enableLookupSyncOnStartup=false
# Task logs go to the same bucket as the segments, under a separate prefix.
druid.indexer.logs.type=google
druid.indexer.logs.bucket=druid
druid.indexer.logs.prefix=druid/indexing-logs
# druid.emitter = prometheus
druid.emitter=composing
druid.emitter.composing.emitters=["prometheus", "logging"]

# The Prometheus emitter is given its own port (9090), separate from druid.port.
druid.emitter.prometheus.port=9090
druid.emitter.prometheus.addServiceAsLabel=true
druid.monitoring.monitors=["org.apache.druid.client.cache.CacheMonitor","org.apache.druid.java.util.metrics.JvmMonitor","org.apache.druid.java.util.metrics.JvmCpuMonitor","org.apache.druid.java.util.metrics.JvmThreadsMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor"]
druid.processing.intermediaryData.storage.type=deepstore

metricDimensions.json: |- { "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"}, "query/bytes" : { "dimensions" : ["dataSource", "type"], "type" : "count"}, "query/node/time" : { "dimensions" : ["server"], "type" : "timer"}, "query/node/ttfb" : { "dimensions" : ["server"], "type" : "timer"}, "query/node/bytes" : { "dimensions" : ["server"], "type" : "count"}, "query/node/backpressure": { "dimensions" : ["server"], "type" : "timer"}, "query/intervalChunk/time" : { "dimensions" : [], "type" : "timer"},

  "query/segment/time" : { "dimensions" : [], "type" : "timer"},
  "query/wait/time" : { "dimensions" : [], "type" : "timer"},
  "segment/scan/pending" : { "dimensions" : [], "type" : "gauge"},
  "query/segmentAndCache/time" : { "dimensions" : [], "type" : "timer" },
  "query/cpu/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer" },

  "query/count" : { "dimensions" : [], "type" : "count" },
  "query/success/count" : { "dimensions" : [], "type" : "count" },
  "query/failed/count" : { "dimensions" : [], "type" : "count" },
  "query/interrupted/count" : { "dimensions" : [], "type" : "count" },
  "query/timeout/count" : { "dimensions" : [], "type" : "count" },

  "query/cache/delta/numEntries" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/sizeBytes" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/hits" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/misses" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/evictions" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/hitRate" : { "dimensions" : [], "type" : "count", "convertRange" : true },
  "query/cache/delta/averageBytes" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/timeouts" : { "dimensions" : [], "type" : "count" },
  "query/cache/delta/errors" : { "dimensions" : [], "type" : "count" },

  "query/cache/total/numEntries" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/sizeBytes" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/hits" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/misses" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/evictions" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/hitRate" : { "dimensions" : [], "type" : "gauge", "convertRange" : true },
  "query/cache/total/averageBytes" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/timeouts" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/total/errors" : { "dimensions" : [], "type" : "gauge" },

  "ingest/events/thrownAway" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/events/unparseable" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/events/duplicate" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/events/processed" : { "dimensions" : ["dataSource", "taskType", "taskId"], "type" : "count" },
  "ingest/events/messageGap" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "ingest/rows/output" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/persists/count" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/persists/time" : { "dimensions" : ["dataSource"], "type" : "timer" },
  "ingest/persists/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" },
  "ingest/persists/backPressure" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "ingest/persists/failed" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/handoff/failed" : { "dimensions" : ["dataSource"], "type" : "count" },
  "ingest/merge/time" : { "dimensions" : ["dataSource"], "type" : "timer" },
  "ingest/merge/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" },

  "ingest/kafka/lag" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "ingest/kafka/maxLag" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "ingest/kafka/avgLag" : { "dimensions" : ["dataSource"], "type" : "gauge" },

  "task/success/count" : { "dimensions" : ["dataSource"], "type" : "count" },
  "task/failed/count" : { "dimensions" : ["dataSource"], "type" : "count" },
  "task/running/count" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "task/pending/count" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "task/waiting/count" : { "dimensions" : ["dataSource"], "type" : "gauge" },

  "taskSlot/total/count" : { "dimensions" : [], "type" : "gauge" },
  "taskSlot/idle/count" : { "dimensions" : [], "type" : "gauge" },
  "taskSlot/busy/count" : { "dimensions" : [], "type" : "gauge" },
  "taskSlot/lazy/count" : { "dimensions" : [], "type" : "gauge" },
  "taskSlot/blacklisted/count" : { "dimensions" : [], "type" : "gauge" },

  "task/run/time" : { "dimensions" : ["dataSource", "taskType"], "type" : "timer" },
  "segment/added/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" },
  "segment/moved/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" },
  "segment/nuked/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" },

  "segment/assigned/count" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/moved/count" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/dropped/count" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/deleted/count" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/unneeded/count" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/unavailable/count" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "segment/underReplicated/count" : { "dimensions" : ["dataSource", "tier"], "type" : "gauge" },
  "segment/cost/raw" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/cost/normalization" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/cost/normalized" : { "dimensions" : ["tier"], "type" : "count" },
  "segment/loadQueue/size" : { "dimensions" : ["server"], "type" : "gauge" },
  "segment/loadQueue/failed" : { "dimensions" : ["server"], "type" : "gauge" },
  "segment/loadQueue/count" : { "dimensions" : ["server"], "type" : "gauge" },
  "segment/dropQueue/count" : { "dimensions" : ["server"], "type" : "gauge" },
  "segment/size" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "segment/overShadowed/count" : { "dimensions" : [], "type" : "gauge" },

  "segment/max" : { "dimensions" : [], "type" : "gauge"},
  "segment/used" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" },
  "segment/usedPercent" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge", "convertRange" : true },
  "segment/pendingDelete" : { "dimensions" : [], "type" : "gauge"},

  "jvm/pool/committed" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" },
  "jvm/pool/init" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" },
  "jvm/pool/max" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" },
  "jvm/pool/used" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" },
  "jvm/bufferpool/count" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" },
  "jvm/bufferpool/used" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" },
  "jvm/bufferpool/capacity" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" },
  "jvm/mem/init" : { "dimensions" : ["memKind"], "type" : "gauge" },
  "jvm/mem/max" : { "dimensions" : ["memKind"], "type" : "gauge" },
  "jvm/mem/used" : { "dimensions" : ["memKind"], "type" : "gauge" },
  "jvm/mem/committed" : { "dimensions" : ["memKind"], "type" : "gauge" },
  "jvm/gc/count" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" },
  "jvm/gc/cpu" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" },

  "ingest/events/buffered" : { "dimensions" : ["serviceName", "bufferCapacity"], "type" : "gauge"},

  "sys/swap/free" : { "dimensions" : [], "type" : "gauge"},
  "sys/swap/max" : { "dimensions" : [], "type" : "gauge"},
  "sys/swap/pageIn" : { "dimensions" : [], "type" : "gauge"},
  "sys/swap/pageOut" : { "dimensions" : [], "type" : "gauge"},
  "sys/disk/write/count" : { "dimensions" : ["fsDevName"], "type" : "count"},
  "sys/disk/read/count" : { "dimensions" : ["fsDevName"], "type" : "count"},
  "sys/disk/write/size" : { "dimensions" : ["fsDevName"], "type" : "count"},
  "sys/disk/read/size" : { "dimensions" : ["fsDevName"], "type" : "count"},
  "sys/net/write/size" : { "dimensions" : [], "type" : "count"},
  "sys/net/read/size" : { "dimensions" : [], "type" : "count"},
  "sys/fs/used" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"},
  "sys/fs/max" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"},
  "sys/mem/used" : { "dimensions" : [], "type" : "gauge"},
  "sys/mem/max" : { "dimensions" : [], "type" : "gauge"},
  "sys/storage/used" : { "dimensions" : ["fsDirName"], "type" : "gauge"},
  "sys/cpu" : { "dimensions" : ["cpuName", "cpuTime"], "type" : "gauge"},

  "coordinator-segment/count" : { "dimensions" : ["dataSource"], "type" : "gauge" },
  "historical-segment/count" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" },

  "jetty/numOpenConnections" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/caffeine/total/requests" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/caffeine/total/loadTime" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/caffeine/total/evictionBytes" : { "dimensions" : [], "type" : "gauge" },
  "query/cache/memcached/total" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)",
    "[MEM] Request Rate: All",
    "[MEM] Average Bytes written to OS per write",
    "[MEM] Average Bytes read from OS per read",
    "[MEM] Response Rate: All (Failure + Success + Retry)",
    "[MEM] Response Rate: Retry",
    "[MEM] Response Rate: Failure",
    "[MEM] Response Rate: Success"],
    "type" : "gauge" },
  "query/cache/caffeine/delta/requests" : { "dimensions" : [], "type" : "count" },
  "query/cache/caffeine/delta/loadTime" : { "dimensions" : [], "type" : "count" },
  "query/cache/caffeine/delta/evictionBytes" : { "dimensions" : [], "type" : "count" },
  "query/cache/memcached/delta" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)",
    "[MEM] Request Rate: All",
    "[MEM] Average Bytes written to OS per write",
    "[MEM] Average Bytes read from OS per read",
    "[MEM] Response Rate: All (Failure + Success + Retry)",
    "[MEM] Response Rate: Retry",
    "[MEM] Response Rate: Failure",
    "[MEM] Response Rate: Success"],
    "type" : "count" }
}

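# Volumes, mounts and environment shared by the Druid pods. Line structure
# restored from the collapsed paste; all keys and values are as posted.
#
# NOTE(review): the runtime properties in this manifest read keytabs from
# /druid/keytabs/, but no mount for that path is listed here. Confirm how the
# keytabs reach the pods (and the peon pods in particular); a Secret volume with
# a restrictive mode is the usual place for them, not the image or a ConfigMap.
volumeMounts:
  - mountPath: /druid/data
    name: data-volume
  - mountPath: /druid/deepstorage
    name: deepstorage-volume
  - mountPath: /etc/krb5.conf
    name: krbfile-volume
    subPath: krb5.conf
  - mountPath: /opt/druid/conf/druid/kafka_jaas.conf
    name: kafka-jaas-volume
    subPath: kafka_jaas.conf

volumes:
  - name: data-volume
    emptyDir: {}
  # NOTE(review): hostPath under the node's /tmp, created on demand, mounted into
  # containers that this manifest runs as UID 0. Deep storage is set to "google"
  # in the common properties, so this volume looks like a leftover — confirm and
  # drop it if unused.
  - name: deepstorage-volume
    hostPath:
      path: /tmp/druid/deepstorage
      type: DirectoryOrCreate
  - name: krbfile-volume
    configMap:
      name: krb-file
  # The JAAS login configuration comes from a ConfigMap. ConfigMaps are not a
  # secret store, so any keytab or password the JAAS file refers to should live
  # in a Secret rather than in the file itself.
  - name: kafka-jaas-volume
    configMap:
      name: kafka-jaas

env:
  - name: POD_NAME
    valueFrom:
      fieldRef:
        fieldPath: metadata.name
  - name: POD_NAMESPACE
    valueFrom:
      fieldRef:
        fieldPath: metadata.namespace
  # The metadata-store password is injected from a Secret.
  - name: METADATA_STORAGE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: druid-mysql-password
        key: password
  # NOTE(review): presumably tells the start script not to derive druid.host on
  # its own, leaving the per-node druid.host values in force — TODO confirm that
  # the peon pods launched for tasks receive the same setting.
  - name: DRUID_SET_HOST
    value: "0"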

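# Broker node group: single-replica Deployment on port 8088 with the Kerberos
# authenticator. Line structure restored from the collapsed paste; all keys and
# values are as posted.
nodes:
  brokers:
    # Optionally specify for running broker as Deployment
    kind: Deployment
    nodeType: "broker"
    # Optionally specify for broker nodes
    # imagePullSecrets:
    # - name: tutu
    podLabels:
      app.kubernetes.io/component: broker
    podAnnotations:
      druid.k8s.enablePatching: "true"
      prometheus.io/scrape: 'true'
      prometheus.io/port: '9090'
    druid.port: 8088
    nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker"
    replicas: 1
    # Security notes on the properties below:
    # - The authorizer type is allowAll: Kerberos establishes who the caller is,
    #   but every authenticated principal may then query every datasource.
    # - druid.auth.unsecuredPaths lists paths served without any authentication.
    #   NOTE(review): the Prometheus emitter has its own port (9090) in the
    #   common properties — confirm "/metrics" needs to be exempt on this port.
    # - serverPrincipal is HTTP/<host>; the host part has to be the name clients
    #   use to reach this service (redacted here).
    runtime.properties: |
      druid.host=xxxx-brokers.service.xxx
      druid.service=druid/broker
      # HTTP server threads
      druid.broker.http.numConnections=5
      druid.server.http.numThreads=10
      # Processing threads and buffers
      druid.processing.buffer.sizeBytes=1
      druid.processing.numMergeBuffers=1
      druid.processing.numThreads=1
      druid.sql.enable=true
      druid.auth.authenticatorChain=["xxx-authenticator"]
      druid.auth.authenticator.xxx-authenticator.type=kerberos
      # druid.auth.authenticator.xxx-authenticator-internal.type=basic
      druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/xxxx
      druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/xx.keytab
      druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxxx"
      druid.auth.authorizers=["xxx-authorizer"]
      druid.auth.authorizer.xxx-authorizer.type=allowAll
      druid.auth.authenticator.xxx-authenticator.authorizerName=xxx-authorizer
      druid.escalator.type=kerberos
      druid.escalator.authorizerName=xxx-authorizer
      druid.escalator.internalClientKeytab=/druid/keytabs/internal.keytab
      druid.escalator.internalClientPrincipal=druid-internal@xxxx
      druid.auth.unsecuredPaths=["/metrics","/druid/historical/v1/loadstatus"]
    extra.jvm.options: |-
      -Xmx512M
      -Xms512M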

# Coordinator node group: single-replica Deployment on port 8088 with the
# Kerberos authenticator; the combined Coordinator/Overlord mode is disabled.
coordinators:
  # Optionally specify for running coordinator as Deployment
  kind: Deployment
  nodeType: "coordinator"
  podLabels:
    app.kubernetes.io/component: coordinator
  podAnnotations:
    druid.k8s.enablePatching: "true"
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
    
  druid.port: 8088
  nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord"
  replicas: 1
  # Security notes on the properties below:
  # - The authorizer type is allowAll, so every authenticated principal may use
  #   every Coordinator API; Kerberos only establishes identity here.
  # - druid.auth.unsecuredPaths lists paths served without any authentication.
  # - authenticator authorizerName is "xxxx-authorizer" while the declared
  #   authorizer is "xxx-authorizer". NOTE(review): possibly a redaction
  #   artifact — confirm the names match in the real manifest.
  # - That same authorizerName line is indented three spaces, not four, which
  #   would place it outside the block scalar. NOTE(review): confirm whether
  #   this is a paste artifact.
  runtime.properties: |
    druid.host=xxx-coordinators.service.xxxx
    druid.service=druid/coordinator

    # HTTP server threads
    druid.coordinator.startDelay=PT30S
    druid.coordinator.period=PT30S

    # Configure this coordinator to also run as Overlord
    druid.coordinator.asOverlord.enabled=false
 
    druid.auth.authenticatorChain=["xxx-authenticator"]
    druid.auth.authenticator.xxx-authenticator.type=kerberos
    druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/xxxx-coordinators.service.xxx
    druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/xxx.keytab
    druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxxx"
    druid.auth.authorizers=["xxx-authorizer"]
    druid.auth.authorizer.xxx-authorizer.type=allowAll
   druid.auth.authenticator.xxx-authenticator.authorizerName=xxxx-authorizer
    druid.escalator.type=kerberos
    druid.escalator.authorizerName=xxx-authorizer
    druid.escalator.internalClientKeytab=/druid/keytabs/druid-internal.keytab
    druid.escalator.internalClientPrincipal=druid-internal@xxx
    druid.auth.unsecuredPaths=["/metrics","/druid/historical/v1/loadstatus"]
   
  extra.jvm.options: |-
    -Xmx512M
    -Xms512M

# Overlord node group: single-replica Deployment on port 8100 that launches
# ingestion tasks through the Kubernetes task runner (runner.type=k8s).
overlords:
  kind: Deployment
  nodeType: "overlord"
  readinessProbe:
    httpGet:
      path: /status/health
      port: 8100      
  podLabels:
    app.kubernetes.io/component: overlord
  # NOTE(review): this is two separate list items, one with only "key" and one
  # with only "value". The env list elsewhere in this manifest uses a single
  # item with "name" and "value" — confirm this entry is actually applied.
  extraEnv:
    - key: druid_host
    - value: "xxx-overlords.xxx"
  podAnnotations:
    druid.k8s.enablePatching: "true"
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
  druid.port: 8100
  nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord"
  replicas: 1
  # Security notes on the properties below:
  # - The authorizer type is allowAll, so every authenticated principal may use
  #   the task APIs of this Overlord; Kerberos only establishes identity.
  # - druid.auth.authorizers and the authenticator's authorizerName say
  #   "xxxx-authorizer", while the authorizer definition and the escalator say
  #   "xxx-authorizer"; druid.escalator.authorizerName is also set twice.
  #   NOTE(review): possibly redaction artifacts — confirm the names agree.
  # - javaOptsArray hands the JAAS login configuration to the task JVMs.
  # - The serverPrincipal values in this manifest are HTTP/<hostname>. A SPNEGO
  #   client requests a ticket for HTTP/<address it connects to>, so a peon that
  #   advertises a pod IP has no matching principal in the KDC — presumably the
  #   failure reported in this issue. NOTE(review): confirm which druid.host the
  #   peon pods end up with and which principal/keytab they are given.
  runtime.properties: |
    druid.host=xxxx-overlords.service.xxx
    druid.service=druid/overlord
    # druid.extensions.loadList=["druid-kafka-indexing-service", "druid-kubernetes-extensions","druid-google-extensions","druid-kubernetes-overlord-extensions","mysql-metadata-storage","prometheus-emitter","druid-kubernetes-overlord-extensions","druid-protobuf-extensions", "druid-avro-extensions", "druid-parquet-extensions", "druid-orc-extensions", "druid-kinesis-indexing-service", "druid-datasketches","druid-kerberos","druid-basic-security"]
    # HTTP server threads
    druid.coordinator.startDelay=PT30S
    druid.coordinator.period=PT30S

    # Configure this coordinator to also run as Overlord
    # druid.coordinator.asOverlord.enabled=true
    # druid.coordinator.asOverlord.overlordService=druid/overlord
    druid.indexer.task.encapsulatedTask=true
    druid.peon.mode=remote
    druid.indexer.queue.startDelay=PT30S
    druid.indexer.runner.type=k8s
    druid.indexer.storage.type=metadata
    druid.auth.authenticatorChain=["xxx-authenticator"]
    druid.auth.authenticator.xxx-authenticator.type=kerberos
    druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/xxx-overlords.xxx
    druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/xxx.keytab
    druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxxx"
    druid.auth.authorizers=["xxxx-authorizer"]
    druid.auth.authorizer.xxx-authorizer.type=allowAll
    druid.auth.authenticator.xxx-authenticator.authorizerName=xxxx-authorizer
    druid.escalator.type=kerberos
    druid.escalator.authorizerName=xxx-authorizer
    druid.escalator.internalClientKeytab=/druid/keytabs/druid-internal.keytab
    druid.escalator.internalClientPrincipal=druid-internal@xxxx
    druid.escalator.authorizerName=xxx-authorizer
    druid.auth.unsecuredPaths=["/metrics"]
    druid.indexer.runner.javaOptsArray=["-Djava.security.auth.login.config=/opt/druid/conf/druid/kafka_jaas.conf"]


  extra.jvm.options: |-
    -Xmx512M
    -Xms512M
  log4j.config: |-
    <?xml version="1.0" encoding="UTF-8" ?>
    <Configuration status="WARN">
        <Appenders>
            <Console name="Console" target="SYSTEM_OUT">
                <PatternLayout pattern="%d{ISO8601} %p [%t] %c - %m%n"/>
            </Console>
        </Appenders>
        <Loggers>
            <Root level="info">
                <AppenderRef ref="Console"/>
            </Root>
        </Loggers>
    </Configuration>

["org.apache.druid.client.cache.CacheMonitor","org.apache.druid.java.util.metrics.JvmMonitor","org.apache.druid.java.util.metrics.JvmCpuMonitor","org.apache.druid.java.util.metrics.CpuAcctDeltaMonitor","org.apache.druid.java.util.metrics.JvmThreadsMonitor","org.apache.druid.java.util.metrics.CgroupCpuMonitor","org.apache.druid.java.util.metrics.CgroupMemoryMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor","org.apache.druid.server.metrics.HistoricalMetricsMonitor","org.apache.druid.server.metrics.SegmentStatsMonitor","org.apache.druid.server.metrics.ServiceStatusMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor"]

# "hot" Historical tier: single-replica StatefulSet on port 8088 with a 10Gi
# segment-cache volume and the Kerberos authenticator.
hot:
  kind: StatefulSet
  druid.port: 8088
  nodeConfigMountPath: /opt/druid/conf/druid/cluster/data/historical
  nodeType: historical
  podLabels:
    app.kubernetes.io/component: historical
  podAnnotations:
    druid.k8s.enablePatching: "true"
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
     
  readinessProbe:
    failureThreshold: 18
    httpGet:
      path: /druid/historical/v1/readiness
      port: 8088
    periodSeconds: 10
  replicas: 1
  volumeClaimTemplates:
  - metadata:
      name: data-volume
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: standard
  # Security notes on the properties below:
  # - authenticatorChain names "xxxx-authenticator" but the authenticator that
  #   is configured is "xxx-authenticator". NOTE(review): possibly a redaction
  #   artifact — if the names differ in the real manifest, the chain refers to
  #   an authenticator that is not defined.
  # - The authenticatorChain line is indented three spaces, not four, which
  #   would place it outside the block scalar. NOTE(review): confirm whether
  #   this is a paste artifact.
  # - The authorizer type is allowAll, so every authenticated principal is
  #   permitted every action on this service.
  # - druid.auth.unsecuredPaths lists paths served without any authentication.
  runtime.properties: |
    druid.host=xxx-hot.service.xxx
    druid.service=druid/historical/hot
    druid.server.tier=hot
    druid.server.priority=1
    druid.monitoring.monitors=["org.apache.druid.client.cache.CacheMonitor","org.apache.druid.java.util.metrics.JvmMonitor","org.apache.druid.java.util.metrics.JvmCpuMonitor","org.apache.druid.java.util.metrics.JvmThreadsMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor","org.apache.druid.server.metrics.HistoricalMetricsMonitor","org.apache.druid.server.metrics.SegmentStatsMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor"]
    druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}]
    druid.server.maxSize=10737418240
   druid.auth.authenticatorChain=["xxxx-authenticator"]
    druid.auth.authenticator.xxx-authenticator.type=kerberos
    druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/xxx-hot.xxxx
    druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/hot.keytab
    druid.auth.authorizers=["xxx-authorizer"]
    druid.auth.authorizer.xxx-authorizer.type=allowAll
    druid.auth.authenticator.xxx-authenticator.authorizerName=xxx-authorizer
    druid.escalator.type=kerberos
    druid.escalator.authorizerName=xxx-authorizer
    druid.escalator.internalClientKeytab=/druid/keytabs/druid-internal.keytab
    druid.escalator.internalClientPrincipal=druid-internal@xxxx
    druid.auth.unsecuredPaths=["/metrics","/druid/historical/v1/loadstatus"]
    druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxx"
  extra.jvm.options: |-
    -Xmx512M
    -Xms512M

# "cold" Historical node group: single-replica StatefulSet on port 8088 with a
# 10Gi segment-cache volume and the Kerberos authenticator.
cold:
  kind: StatefulSet
  druid.port: 8088
  nodeConfigMountPath: /opt/druid/conf/druid/cluster/data/historical
  nodeType: historical
  podLabels:
    app.kubernetes.io/component: historical
  podAnnotations:
    druid.k8s.enablePatching: "true"
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
  readinessProbe:
    failureThreshold: 18
    httpGet:
      path: /druid/historical/v1/readiness
      port: 8088
    periodSeconds: 10
  replicas: 1
  volumeClaimTemplates:
  - metadata:
      name: data-volume
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: standard
  # Security notes on the properties below:
  # - The authenticator type reads "kerbero"; the other node groups use
  #   "kerberos". NOTE(review): probably a truncated paste — confirm, since a
  #   misspelled type means this service is not using the Kerberos authenticator.
  # - authenticatorChain names "xxxx-authenticator" but the authenticator that
  #   is configured is "xxx-authenticator". NOTE(review): possibly a redaction
  #   artifact — confirm the names match.
  # - The authorizer type is allowAll, so every authenticated principal is
  #   permitted every action on this service.
  # - druid.auth.unsecuredPaths lists paths served without any authentication.
  runtime.properties: |
    druid.host=xxx-cold.service.xxx
    druid.service=druid/historical/cold
    druid.server.priority=0
    # druid.tier=cold
    druid.monitoring.monitors=["org.apache.druid.client.cache.CacheMonitor","org.apache.druid.java.util.metrics.JvmMonitor","org.apache.druid.java.util.metrics.JvmCpuMonitor","org.apache.druid.java.util.metrics.CpuAcctDeltaMonitor","org.apache.druid.java.util.metrics.JvmThreadsMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor","org.apache.druid.server.metrics.HistoricalMetricsMonitor","org.apache.druid.server.metrics.SegmentStatsMonitor","org.apache.druid.server.metrics.EventReceiverFirehoseMonitor"]
    druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}]
    druid.server.maxSize=10737418240
    druid.auth.authenticatorChain=["xxxx-authenticator"]
    druid.auth.authenticator.xxx-authenticator.type=kerbero
    druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/xxxx-cold.service.gxxxx
    druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/cold.keytab
    druid.auth.authorizers=["xxx-authorizer"]
    druid.auth.authorizer.xxx-authorizer.type=allowAll
    druid.auth.authenticator.xxx-authenticator.authorizerName=xxx-authorizer
    druid.escalator.type=kerberos
    druid.escalator.authorizerName=xxx-authorizer
    druid.escalator.internalClientKeytab=/druid/keytabs/druid-internal.keytab
    druid.escalator.internalClientPrincipal=druid-internal@xxxx
    druid.auth.unsecuredPaths=["/metrics","/druid/historical/v1/loadstatus"]
    druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxxx"
  extra.jvm.options: |-
    -Xmx512M
    -Xms512M
      
# Router node group: single-replica Deployment on port 8088 that fronts the
# Broker and proxies management requests to the Coordinator and Overlord.
routers:
  kind: Deployment
  nodeType: "router"
  podLabels:
    app.kubernetes.io/component: router
  podAnnotations:
    druid.k8s.enablePatching: "true"
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
  
  druid.port: 8088
  nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router"
  replicas: 1
  # Security notes on the properties below:
  # - The management proxy is enabled and the authorizer type is allowAll, so
  #   every principal that can authenticate to the Router can reach the
  #   Coordinator/Overlord management APIs through it. The Router is typically
  #   the most exposed service, so this is where a real authorizer matters most.
  # - druid.auth.unsecuredPaths lists paths served without any authentication.
  # - No cookieSignatureSecret mismatch can be judged from the redacted values.
  #   NOTE(review): confirm how the secret is set across services.
  runtime.properties: |
    druid.host=xxx-routers.service.xxx
    druid.service=druid/router

    # HTTP proxy
    druid.router.http.numConnections=10
    druid.router.http.readTimeout=PT5M
    druid.router.http.numMaxThreads=10
    druid.server.http.numThreads=10

    # Service discovery
    druid.router.defaultBrokerServiceName=druid/broker
    druid.router.coordinatorServiceName=druid/coordinator

    # Management proxy to coordinator / overlord: required for unified web console.
    druid.router.managementProxy.enabled=true
    druid.auth.authenticatorChain=["xxx-authenticator"]
    druid.auth.authenticator.xxx-authenticator.type=kerberos
    druid.auth.authenticator.xxx-authenticator.serverPrincipal=HTTP/sxxx-routers.service.xxx
    druid.auth.authenticator.xxx-authenticator.serverKeytab=/druid/keytabs/routers.keytab
    druid.auth.authenticator.xxx-authenticator.cookieSignatureSecret="xxx"
    druid.auth.authorizers=["xxx-authorizer"]
    druid.auth.authorizer.xxx-authorizer.type=allowAll
    druid.auth.authenticator.xxx-authenticator.authorizerName=xxx-authorizer
    druid.escalator.type=kerberos
    druid.escalator.authorizerName=xxx-authorizer
    druid.escalator.internalClientKeytab=/druid/keytabs/druid-internal.keytab
    druid.escalator.internalClientPrincipal=druid-internal@xxxx
    druid.auth.unsecuredPaths=["/metrics","/druid/historical/v1/loadstatus"]

  extra.jvm.options: |-
    -Xmx512M
    -Xms512M

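# RBAC for the "druid" ServiceAccount used by the Druid pods. Line structure
# restored from the collapsed paste (list bullets turned back into YAML list
# items, document separator added between the two objects); rules are as posted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: druid
rules:
  # NOTE(review): wildcard verbs on pods and configmaps. The account can create,
  # patch and delete any pod and rewrite any ConfigMap in the namespace —
  # including the krb5.conf and JAAS ConfigMaps this manifest mounts — and the
  # wildcard also picks up verbs added in the future. Enumerating the verbs that
  # Kubernetes discovery and the task runner actually use would narrow this;
  # TODO confirm the required set before tightening.
  - apiGroups:
      - ""
    resources:
      - pods
      - configmaps
    verbs:
      - '*'
  # Jobs are what the Kubernetes task runner creates for ingestion tasks.
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "watch", "list", "delete", "create"]
  # "pods" here is already covered by the wildcard rule above; "pods/log" is a
  # separate subresource and is only granted by this rule.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "watch", "list", "delete", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: druid
subjects:
  - kind: ServiceAccount
    name: druid
roleRef:
  kind: Role
  name: druid
  apiGroup: rbac.authorization.k8s.io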

Can someone please help me with this

manigarg31 avatar Feb 06 '24 07:02 manigarg31