Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml7
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml36
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml9
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/values.yaml23
-rw-r--r--kubernetes/cds/values.yaml3
-rw-r--r--kubernetes/common/common/templates/_strimzikafka.tpl132
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml14
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml (renamed from kubernetes/sdc/components/sdc-be/templates/secret.yaml)3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml (renamed from kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml)11
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml27
-rw-r--r--kubernetes/dcaegen2-services/values.yaml3
-rw-r--r--kubernetes/sdc/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/deployment.yaml5
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml18
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml40
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml41
-rwxr-xr-xkubernetes/sdc/resources/config/environments/AUTO.json4
-rw-r--r--kubernetes/sdc/templates/kafkatopic.yaml18
-rw-r--r--kubernetes/sdc/values.yaml25
20 files changed, 324 insertions, 101 deletions
diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
index 3710f5f510..6024309d4f 100644
--- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
@@ -1,19 +1,18 @@
listenerservice:
config:
- asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
+ sdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
relevantArtifactTypes: TOSCA_CSAR
- consumerGroup: cds
+ consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
environmentName: AUTO
- consumerId: cds
keyStorePassword:
keyStorePath:
activateServerTLSAuth : false
- isUseHttpsWithDmaap: false
isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
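Review bot: The `password:` entry under `listenerservice.config` is still a literal value on the new side, while this same commit moves the Kafka `sasl.jaas.config` credential into a Kubernetes Secret. If this file is rendered into a ConfigMap (the `resources/config` path suggests so, but the consumer is not shown), the SDC credential is readable by anyone who can read ConfigMaps or the chart repository; sourcing it from a secret the way `SASL_JAAS_CONFIG` is would be consistent. Separately, the new `consumerGroup` and `consumerId` values are unquoted template expansions, so an empty or boolean-looking override changes the YAML type; `consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup | quote }}` avoids that.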
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
new file mode 100644
index 0000000000..58d99dd5b1
--- /dev/null
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
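Review bot: Both ACL entries grant `operation: All`, which for the `prefix` topic rule covers every topic whose name starts with the configured pattern (default `SDC-DIST`) and includes alter and delete rights that a listener is unlikely to need. The sdc-be user defined elsewhere in this commit is limited to `[Read]` on its group and `[Read, Write]` on topics, so this client ends up with broader rights than sdc-be itself. Narrowing to what the client actually uses, for example `operation: Read` on the group and separate Read and Write rules on the topic prefix, limits what a leaked listener credential can do to the distribution topics. The topic rule in `ves-openapi-sdc-dist-kafka-user.yaml` carries the same `operation: All`.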
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
index 3a6d76165b..d01e3b0af5 100644
--- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,8 +43,6 @@ spec:
- --container-name
- sdc-be
- --container-name
- - message-router
- - --container-name
- cds-blueprints-processor
env:
- name: NAMESPACE
@@ -61,6 +60,12 @@ spec:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
name: {{ .Values.service.http.portName }}
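Review bot: The `SASL_JAAS_CONFIG` entry puts the `common.secret.envFromSecretFast` include behind a `value:` key, whereas the dcae-ves-openapi-manager deployment in this commit places the same include directly under `- name:`. The helper is not shown on this page, but the sdc-be change that replaces it with an explicit `valueFrom:`/`secretKeyRef:` suggests it emits a `valueFrom` mapping; if so, `value:` followed by that output will not render as a valid env entry and the JAAS credential will not reach the container. Dropping the key, so the line reads `{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}`, matches the other usage. The container spec continues outside the hunk.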
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 9ceeec8081..3d13802d5d 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,20 +26,40 @@ global:
persistence:
mountPath: /dockerdata-nfs
+ cdsSdcListenerKafkaUser: cds-sdc-list-user
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.4.1
+image: onap/ccsdk-sdclistener:1.5.0
name: sdc-listener
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+secrets:
+ - uid: cds-sdc-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+
# application configuration
config:
appConfigDir: /opt/app/onap/config
+ someConfig: blah
+ kafka:
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: cds
+ clientId: cds-sdc-listener
# default number of instances
replicaCount: 1
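Review bot: `securityProtocol: SASL_PLAINTEXT` makes the default client connection unencrypted: SCRAM-SHA-512 protects the password exchange, but the broker is not authenticated by certificate and message payloads cross the cluster network in clear text. If the Strimzi cluster exposes a TLS listener, defaulting to `SASL_SSL` would be safer; otherwise a comment should state why plaintext is accepted here. The `someConfig: blah` placeholder also appears to become the `sasl.jaas.config` secret value whenever `jaasConfExternalSecret` is unset, which would produce a secret holding a dummy string rather than a render failure; a comment such as `# placeholder only; the real value comes from the secret named by jaasConfExternalSecret` would make that explicit. Both defaults are repeated in `dcae-ves-openapi-manager/values.yaml`.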
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 58e6b65c6f..4c06d30a80 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -24,6 +24,7 @@ global:
persistence:
mountPath: /dockerdata-nfs
cdsKafkaUser: cds-kafka-user
+ cdsSdcListenerKafkaUser: cds-sdc-list-user
#################################################################
# Secrets metaconfig
@@ -224,6 +225,8 @@ cds-py-executor:
cds-sdc-listener:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}'
cds-ui:
enabled: true
diff --git a/kubernetes/common/common/templates/_strimzikafka.tpl b/kubernetes/common/common/templates/_strimzikafka.tpl
new file mode 100644
index 0000000000..3fd46c7414
--- /dev/null
+++ b/kubernetes/common/common/templates/_strimzikafka.tpl
@@ -0,0 +1,132 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Create a Strimzi KafkaUser.
+ Usage:
+ include "common.kafkauser" .
+
+ Strimzi kafka provides cluster access via its custom resource definition KafkaUser
+ which is deployed using its User Operator component.
+ See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml
+ This allows fine grained access control per user towards the kafka cluster.
+ See more info here - https://strimzi.io/docs/operators/latest/configuring.html#proc-configuring-kafka-user-str
+
+ The kafka user definition is defined as part of .Values per component.
+ For general use by OOM components, the following list of acl types should suffice:
+ type: group (Used by the client app to be added to a particular kafka consumer group)
+ type: topic (1 or more kafka topics that the client needs to access. Commonly [Read,Write])
+
+ Note: The template will use the following default values.
+
+ spec.authentication.type: scram-sha-512 (dictated by the available broker listeners on the kafka cluster)
+ spec.authorization.type: simple (Only type supported by strimzi at present)
+ spec.authorization.acls.resource.patternType: literal
+
+ Example:
+
+ kafkaUser:
+ acls:
+ - name: sdc (mandatory)
+ suffix: mysuffix (optional. Will be appended (with a hyphen) to the "name" entry. ie "sdc-mysuffix")
+ type: group (mandatory. Type "group" is used by the client as it's kafka consumer group)
+ operations: [Read] (mandatory. List of at least 1)
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix (optional. In this example, the user will be provided Read and Write access to all topics named "SDC-DISTR*")
+ operations: [Read, Write]
+*/}}
+{{- define "common.kafkauser" -}}
+{{- $global := .global }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.name" . }}-ku
+ namespace: {{ include "common.namespace" $global }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" }}
+ authorization:
+ type: {{ .Values.kafkaUser.authorizationType | default "simple" }}
+ acls:
+ {{- range $acl := .Values.kafkaUser.acls }}
+ - resource:
+ type: {{ $acl.type }}
+ patternType: {{ $acl.patternType | default "literal" }}
+ name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}
+ operations:
+ {{- range $operation := $acl.operations }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+ Create a Strimzi KafkaTopic.
+ Usage:
+ include "common.kafkatopic" .
+
+ Strimzi kafka provides kafka topic management via its custom resource definition KafkaTopic
+ which is deployed using its Topic Operator component.
+ See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/043-Crd-kafkatopic.yaml
+
+ Note: KafkaTopic names should adhere to kubernetes object naming conventions - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
+ maximum length of 253 characters and consist of lower case alphanumeric characters, -, and .
+
+ Note: The template will use the following default values.
+
+ spec.config.retention.ms: 7200000 (defaults to 2 hrs retention for kafka topic logs)
+ spec.config.segment.bytes: 1073741824 (defaults to 1gb)
+ spec.partitions: 6 (defaults to (2 * (default.replication.factor)) defined by the strimzi broker conf)
+ spec.replicas: 3 (defaults to default.replication.factor defined by the strimzi broker conf. Must be > 0 and <= (num of broker replicas))
+
+ The kafka topic definition is defined as part of .Values per component.
+
+ Example:
+
+ kafkaTopic:
+ - name: my-new-topic (mandatory)
+ retentionMs: 7200000 (optional. Defaults to 2hrs)
+ segmentBytes: 1073741824 (optional. Defaults to 1gb)
+ suffix: my-suffix (optional. Will be appended (with a hyphen) to the "name" value. ie "my-new-topic-my-suffix")
+ - name: my.other.topic
+ suffix: some.other-suffix
+*/}}
+{{- define "common.kafkatopic" -}}
+{{- $global := .global }}
+{{- range $topic := .Values.kafkaTopic }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ ($topic.name) | lower }}-kt
+ labels:
+ strimzi.io/cluster: {{ include "common.release" $ }}-strimzi
+spec:
+ {{- if (hasKey $topic "partitions") }}
+ partitions: {{ $topic.partitions }}
+ {{- end }}
+ {{- if (hasKey $topic "replicas") }}
+ replicas: {{ $topic.replicas }}
+ {{- end }}
+ topicName: {{ ternary (printf "%s-%s" $topic.name $topic.suffix) $topic.name (hasKey $topic "suffix") }}
+ config:
+ retention.ms: {{ $topic.retentionMs | default "7200000" }}
+ segment.bytes: {{ $topic.segmentBytes | default "1073741824"}}
+---
+{{- end }}
+{{- end -}}
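Review bot: `common.kafkauser` reads `$global` from `.global`, but the documented call and the one in `sdc-be/templates/kafkauser.yaml` pass the root context `.`, which on anything shown here carries `.Values` rather than a `global` key. If `$global` is empty, `include "common.namespace" $global` receives no context and the namespace line will either fail to render or come out blank (the helper is not on this page); `namespace: {{ include "common.namespace" . }}` avoids the indirection. `common.kafkatopic` assigns the same `$global` and never uses it. The fields the header comment marks as mandatory (`name`, `type`, `operations`) are not enforced either, so an ACL entry without `operations` renders an empty key silently; wrapping them in `required` would surface that at render time.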
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
index 1c6e3593ac..a2c15450bf 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
@@ -45,10 +45,16 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
env:
- - name: ASDC_ADDRESS
- value: {{ .Values.externalServices.sdc_be_https }}
- - name: SCHEMA_MAP_PATH
- value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SDC_ADDRESS
+ value: {{ .Values.externalServices.sdc_be_https }}
+ - name: SCHEMA_MAP_PATH
+ value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-openapi-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
diff --git a/kubernetes/sdc/components/sdc-be/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml
index bb5091f01a..6ff81501a4 100644
--- a/kubernetes/sdc/components/sdc-be/templates/secret.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2022 Nordix Foundation
+# Copyright (C) 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,5 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml
index 6cd7f93c5a..3f9d0ca123 100644
--- a/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml
@@ -13,27 +13,24 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-{{- if .Values.global.kafka.useKafka }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}
+ name: {{ include "common.release" . }}-{{ .Values.vesOpenApiKafkaUser }}
labels:
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
- type: {{ .Values.config.kafka.saslMech }}
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
authorization:
type: {{ .Values.config.kafka.authType }}
acls:
- resource:
type: group
- name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }}
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
operation: Read
- resource:
type: topic
patternType: prefix
- name: {{ .Values.config.kafka.topicConsumer.pattern }}
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
operation: All
-{{- end }}
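Review bot: The KafkaUser name is built from `.Values.vesOpenApiKafkaUser`, a chart-local key, while the parent chart derives `jaasConfExternalSecret` from `.Values.global.vesOpenApiKafkaUser` and the cds-sdc-listener template uses a `global` key for the same purpose. The two values are equal by default, but overriding only one of them leaves the deployment referencing a secret name that no KafkaUser produces, and the pod would then fail to obtain its SASL credential. Reading `.Values.global.vesOpenApiKafkaUser` here would keep a single source of truth for the name.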
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
index c07bd529cc..a9763c9483 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
@@ -18,9 +18,33 @@
# Global values
global:
pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.0
containerPort: &svc_port 8080
+secrets:
+ - uid: ves-openapi-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+
+# application configuration
+config:
+ someConfig: blah
+ kafka:
+ bootstrapServer: strimzi-kafka-bootstrap:9092
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: dcaegen2
+ clientId: ves-openapi-manager
+
+vesOpenApiKafkaUser: ves-open-api-kafka-user
+
service:
ports:
- name: &port http
@@ -45,7 +69,6 @@ liveness:
readinessCheck:
wait_for:
- - message-router
- sdc-be
flavor: small
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index 1652f04f0f..a73fceb529 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -17,6 +17,7 @@
global:
centralizedLoggingEnabled: true
hvVesKafkaUser: dcae-hv-ves-kafka-user
+ vesOpenApiKafkaUser: ves-open-api-kafka-user
#################################################################
# Filebeat Configuration Defaults.
@@ -29,6 +30,8 @@ filebeatConfig:
# Control deployment of DCAE microservices at ONAP installation time
dcae-ves-openapi-manager:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.vesOpenApiKafkaUser }}'
dcae-datafile-collector:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
diff --git a/kubernetes/sdc/Chart.yaml b/kubernetes/sdc/Chart.yaml
index aaa3ac29b7..7c67f49da9 100644
--- a/kubernetes/sdc/Chart.yaml
+++ b/kubernetes/sdc/Chart.yaml
@@ -21,6 +21,9 @@ name: sdc
version: 12.0.0
dependencies:
+ - name: common
+ version: ~12.x-0
+ repository: '@local'
- name: sdc-be
version: ~12.x-0
repository: 'file://components/sdc-be'
diff --git a/kubernetes/sdc/components/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml
index e4052afc3d..fe9f39108b 100644
--- a/kubernetes/sdc/components/sdc-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-be/Chart.yaml
@@ -21,6 +21,9 @@ name: sdc-be
version: 12.0.0
dependencies:
+ - name: common
+ version: ~12.x-0
+ repository: '@local'
- name: certInitializer
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
index 16fc57aa92..d50a83b2fd 100644
--- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -163,7 +163,10 @@ spec:
fieldPath: status.podIP
{{- if .Values.global.kafka.useKafka }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
- name: USE_KAFKA
value: {{ .Values.global.kafka.useKafka | quote }}
{{- end }}
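Review bot: The secret name `{{ include "common.name" . }}-ku` repeats the naming rule that `common.kafkauser` applies to the KafkaUser in `_strimzikafka.tpl`, so the two must be changed together or the pod will reference a secret that is never created. A small named template in the common chart that returns the KafkaUser/secret name, used in both places, would remove that coupling. The surrounding `env:` list starts and ends outside the hunk.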
diff --git a/kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml b/kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml
new file mode 100644
index 0000000000..5033d9d9aa
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkauser" . }}
+{{- end }}
diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml
deleted file mode 100644
index 9a6f7579e8..0000000000
--- a/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.global.kafka.useKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: sdc-distro-notif-topic
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }}
- config:
- retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
- segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: sdc-distro-status-topic
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }}
- config:
- retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
- segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
-{{- end }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index faf46e5549..b7b3acd909 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -31,13 +31,10 @@ global:
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
- # Strimzi kafka config
+ # Global Strimzi kafka config overridden
+ # from parent values.yaml
kafka:
useKafka: overridden-from-parent-values-yaml
- sdcBeKafkaUser: overridden-from-parent-values-yaml
- topics:
- sdcDistNotifTopic: overridden-from-parent-values-yaml
- sdcDistStatusTopic: overridden-from-parent-values-yaml
#################################################################
# Application configuration defaults.
@@ -53,7 +50,7 @@ debugEnabled: false
#environment file
env:
- name: AUTO
+ name: &env AUTO
certInitializer:
nameOverride: sdc-be-cert-init
@@ -78,29 +75,21 @@ certInitializer:
#################################################################
# SDC Config part
#################################################################
-
-secrets:
- - uid: sdc-be-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
- # Strimzi kafka config
- kafka:
- saslMech: scram-sha-512
- securityProtocol: SASL_PLAINTEXT
- authType: simple
- topicRetentionMs: 7200000
- topicSegmentBytes: 1073741824
- topicConsumer:
- pattern: SDC-DIST
- groupId: sdc
+
+kafkaUser:
+ acls:
+ - name: sdc
+ suffix: *env
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
# default number of instances
replicaCount: 1
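Review bot: `suffix: *env` is a YAML alias that is resolved when this values file is parsed, so overriding `env.name` from a parent chart, a `-f` file or `--set` does not change the ACL group name. The consumer-group ACL would then stay at `sdc-AUTO` while the application may be using the overridden environment name, and the broker would deny access to that group. A comment above `kafkaUser:` such as `# suffix is fixed at parse time via *env; override kafkaUser.acls too when changing env.name` would flag this, or the template could read `.Values.env.name` directly. `kubernetes/sdc/values.yaml` uses the same alias pattern for the `kafkaTopic` names and suffixes.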
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json
index aee666f4af..065a756822 100755
--- a/kubernetes/sdc/resources/config/environments/AUTO.json
+++ b/kubernetes/sdc/resources/config/environments/AUTO.json
@@ -36,12 +36,14 @@
]
},
"Kafka": {
- "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}"
+ "bootstrap": "{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092"
},
+ {{- if .Values.global.kafka.useKafka }}
"DistributionTopics": {
"notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}",
"statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}"
},
+ {{- end }}
"Nodes": {
"CS": [
"{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}"
diff --git a/kubernetes/sdc/templates/kafkatopic.yaml b/kubernetes/sdc/templates/kafkatopic.yaml
new file mode 100644
index 0000000000..53352c4e56
--- /dev/null
+++ b/kubernetes/sdc/templates/kafkatopic.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkatopic" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index 60a361eae6..1e11ca6410 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -42,19 +42,26 @@ global:
clusterName: cassandra
dataCenter: Pod
centralizedLoggingEnabled: true
- # Kafka config
+ # global Kafka config passed to sdc-be chart
kafka:
+ # If true, the following Strimzi KafkaTopics will be created
useKafka: true
- sdcBeKafkaUser: sdc-be-kafka-user
- kafkaBootstrap: strimzi-kafka-bootstrap:9092
topics:
- sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC
- sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC
+ sdcDistNotifTopic: &notif-topic-name SDC-DISTR-NOTIF-TOPIC
+ sdcDistStatusTopic: &status-topic-name SDC-DISTR-STATUS-TOPIC
+
+# Environment file
+env:
+ name: &env AUTO
+
+kafkaTopic:
+ - name: *notif-topic-name
+ suffix: *env
+ - name: *status-topic-name
+ suffix: *env
sdc-be:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}'
sdc-fe:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
sdc-onboarding-be:
@@ -62,10 +69,6 @@ sdc-onboarding-be:
sdc-wfd-fe:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
-# Environment file
-env:
- name: AUTO
-
config:
logstashServiceName: log-ls
logstashPort: 5044