Pulsar Helm Chart Issues -

[acherla]

Version: 2.8.2 Chart: Pulsar

Problem: There are a few issues found when debugging the helm chart with the streamnative team that I would like to contribute to resolve critical problems in deployment of zookeeper and other services.

1. Need resources limits for init containers and base containers (Best practice/standards, enterprise security requirements normally require resource limits/requests to be configured when deploying to production)
2. Need to convert the "cluster role" privs to "role" privs to prevent cluster elevated privilege's for the pulsar operator. CRD's should still be deployed with cluster privs, however the operator should still work with with a standard role rather than a cluster role binding, unless it is required for certain features.
3. Need to remove PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory as this is causing a null pointer exception when provisioning the zookeeper pods.
4. kop-certs failed to mount to pulsar broker pods, even with kop-certs was disabled. When set to true kop-certs fails to mount to broker pods. Root cause seems to be the kop-cert secret is not being provisioned even when enabling kop=true in the values.yaml configuration.