summaryrefslogtreecommitdiffstats
path: root/kubernetes/so/components
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/so/components')
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml6
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml9
-rw-r--r--kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml16
-rw-r--r--kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml36
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml33
5 files changed, 40 insertions, 60 deletions
diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
index 0630497bdb..473b1c3bcf 100755
--- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
@@ -68,8 +68,10 @@ mso:
asdc-connections:
asdc-controller1:
user: mso
- consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
+ {{ with (first .Values.kafkaUser.acls) }}
+ consumerId: {{ .name }}-sdc-controller
+ consumerGroup: {{ .name }}
+ {{ end }}
environmentName: AUTO
sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 4becf41897..12de6bd382 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -47,12 +47,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml b/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml
new file mode 100644
index 0000000000..6fc37c3d01
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
deleted file mode 100644
index 4619c8ebc0..0000000000
--- a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: All
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index dbde74808b..81ae6ae7fd 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -45,13 +45,6 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: so-sdc-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
#secretsFilePaths: |
# - 'my file 1'
@@ -83,27 +76,19 @@ mso:
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
-config:
- someConfig: blah
- kafka:
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: so
- clientId: SO-sdc-controller
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8085
logPath: ./logs/sdc/
app: sdc-controller
+
service:
type: ClusterIP
ports:
- name: http
port: *containerPort
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
@@ -134,6 +119,7 @@ resources:
memory: 2Gi
cpu: 1000m
unlimited: {}
+
livenessProbe:
path: /manage/health
port: 8085
@@ -143,12 +129,25 @@ livenessProbe:
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
+
ingress:
enabled: false
+
nodeSelector: {}
tolerations: []
affinity: {}
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: SO
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
#Pods Service Account
serviceAccount:
nameOverride: so-sdc-controller