diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2023-02-23 11:09:01 +0100 |
---|---|---|
committer | Fiachra Corcoran <fiachra.corcoran@est.tech> | 2023-03-09 18:21:34 +0000 |
commit | eb68c405edd326112581ad901f1ce1d3d2e2b98b (patch) | |
tree | e88910646a90f3190d39640af145fe142a9319af /kubernetes | |
parent | 5c0678f7cc26241252692d84b4a31862c1204237 (diff) |
[STRIMZI] External Kafka Access via Ingress
Add Ingress configuration for Kafka brokers and bootstrap service
and add advertized host/port settings
Change the _service.tpl to modify a Nodeport to a ClusterIP depending
in the usage of Ingress
Issue-ID: OOM-3109
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I19a405b7fb9c06ce40322e7af824e1aad5baaa90
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 15 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_service.tpl | 2 | ||||
-rw-r--r-- | kubernetes/strimzi/templates/ingress.yaml | 17 | ||||
-rw-r--r-- | kubernetes/strimzi/templates/strimzi-kafka.yaml | 16 | ||||
-rw-r--r-- | kubernetes/strimzi/values.yaml | 28 |
5 files changed, 76 insertions, 2 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 7065338cf9..30ef02295f 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -15,6 +15,21 @@ # limitations under the License. */}} {{/* + Helper function to check, if Ingress is globally enabled +*/}} +{{- define "common.ingressEnabled" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* Create the hostname as concatination <baseaddr>.<baseurl> - baseaddr: from component values: ingress.service.baseaddr - baseurl: from values: global.ingress.virtualhost.baseurl diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 4b6e0a1aae..3db01396ca 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -250,7 +250,7 @@ spec: {{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }} +{{- if and (include "common.ingressEnabled" $dot) (eq $serviceType "NodePort") -}} {{- $serviceType = "ClusterIP" }} {{- end }} diff --git a/kubernetes/strimzi/templates/ingress.yaml b/kubernetes/strimzi/templates/ingress.yaml new file mode 100644 index 0000000000..bcc60a0953 --- /dev/null +++ b/kubernetes/strimzi/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index b35485f11c..99252ec3e6 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -35,20 +35,34 @@ spec: type: tls - name: external port: 9094 - type: nodeport + type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }} tls: true authentication: type: tls configuration: + {{- if not (include "common.ingressEnabled" .) }} bootstrap: nodePort: {{ .Values.global.nodePortPrefixExt }}93 + {{- end }} brokers: - broker: 0 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker0 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}90 + {{- end }} - broker: 1 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker1 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}91 + {{- end }} - broker: 2 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker2 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}92 + {{- end }} authorization: type: {{ .Values.config.authType }} superUsers: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index e6da1d55db..ec1ed887a7 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -29,6 +29,10 @@ config: saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 strimziKafkaAdminUser: &adminUser strimzi-kafka-admin + advertisedHost: kafka-api.simpledemo.onap.org + advertizedPortBroker0: &advertizedPortBroker0 9000 + advertizedPortBroker1: &advertizedPortBroker1 9001 + advertizedPortBroker2: &advertizedPortBroker2 9002 persistence: enabled: &pvenabled true @@ -56,6 +60,30 @@ serviceAccount: roles: - read +ingress: + enabled: false + service: + - baseaddr: "kafka-bootstrap-api" + name: "onap-strimzi-kafka-external-bootstrap" + port: 9094 + exposedPort: 9010 + exposedProtocol: TLS + - baseaddr: "kafka-0-api" + name: "onap-strimzi-kafka-0" + port: 9094 + exposedPort: *advertizedPortBroker0 + exposedProtocol: TLS + - baseaddr: "kafka-1-api" + name: "onap-strimzi-kafka-1" + port: 9094 + exposedPort: *advertizedPortBroker1 + exposedProtocol: TLS + - baseaddr: "kafka-2-api" + name: "onap-strimzi-kafka-2" + port: 9094 + exposedPort: *advertizedPortBroker2 + exposedProtocol: TLS + ###################### # Component overrides ###################### |