From 8d3ff807180b3721ce2551842ec963eff2554404 Mon Sep 17 00:00:00 2001
From: efiacor
Date: Wed, 23 Nov 2022 12:13:26 +0000
Subject: [SO-SDC-DIST] Updgrade sdc-controller to kafka native

Update sdc-controller to use new sdc-dist client
Add sdc-controller KafkaUser for SDC topic auth

Signed-off-by: efiacor
Change-Id: I7969bb79a2b329d1140eacc953b40dd487456bcb
Issue-ID: DMAAP-1815
---
 .../resources/config/overrides/override.yaml | 14 +++++---
 .../so-sdc-controller/templates/deployment.yaml | 6 ++++
 .../templates/so-sdc-dist-kakfa-user.yaml | 36 ++++++++++++++++++++++
 .../so/components/so-sdc-controller/values.yaml | 20 +++++++++++-
 kubernetes/so/values.yaml | 4 +++
 5 files changed, 73 insertions(+), 7 deletions(-)
 create mode 100644 kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml

diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
index 29a1cf7443..50cf231a20 100755
--- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
@@ -74,26 +74,28 @@ mso:
 asdc-connections:
 asdc-controller1:
 user: mso
- consumerGroup: SO-OpenSource-Env11
- consumerId: SO-COpenSource-Env11
+ consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
 environmentName: AUTO
 {{ if (include "common.needTLS" .) }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
+ sdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
 {{ else }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
+ sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
 {{ end }}
 password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
 pollingInterval: 60
 pollingTimeout: 60
 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
- useHttpsWithDmaap: false
 useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
 activateServerTLSAuth: false
 keyStorePassword:
 keyStorePath:
 watchDogTimeout: 300
 isFitlerInEmptyResources: true
- messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
+ httpsProxyHost:
+ httpProxyHost:
+ httpsProxyPort: 0
+ httpProxyPort: 0
 asdc:
 config:
 activity:
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 55493f7c42..0d1977beff 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
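Review bot: The new `consumerGroup` and `consumerId` lines render `.Values.config.kafka.sdcTopic.*` as unquoted plain scalars, so an empty, boolean-looking or numeric override changes the YAML type (or becomes null) after templating. Quoting in the template avoids that: `consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup | quote }}`. The same applies to the `SECURITY_PROTOCOL` and `SASL_MECHANISM` `value:` entries added in deployment.yaml, where Kubernetes requires the env value to be a string, and to the templated names in the new KafkaUser manifest. The consumer group set here has to match the group ACL in that KafkaUser; it does only because both read the same value, which deserves a one-line comment such as `# must match the group ACL in so-sdc-dist-kakfa-user.yaml`.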
@@ -71,6 +71,12 @@ spec:
 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
 - name: DB_ADMIN_PASSWORD
 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
 {{ include "so.certificates.env" . | indent 8 | trim }}
 envFrom:
 - configMapRef:
diff --git a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
new file mode 100644
index 0000000000..4619c8ebc0
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index f006c0772c..63a641c359 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -28,6 +28,7 @@ global:
 mariadbGalera:
 serviceName: mariadb-galera
 servicePort: '3306'
+ soSdcListenerKafkaUser: so-sdc-list-user
 readinessCheck:
 wait_for:
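Review bot: Both ACL entries in the new KafkaUser grant `operation: All`, and the topic rule uses `patternType: prefix`, so this user may also delete, alter and reconfigure every topic whose name starts with the `SDC-DIST` pattern, which is more than a distribution listener appears to need. If the controller only consumes notifications and publishes status (not visible in this patch, so confirm against the client), narrow the group rule to `operation: Read` and split the topic rule into separate entries with `operation: Read` and `operation: Write`. Separately, `type: {{ .Values.config.kafka.saslMechanism | lower }}` reuses the client SASL mechanism as the Strimzi authentication type; that renders a valid value for `SCRAM-SHA-512`, but any other mechanism override would produce an invalid KafkaUser, so a comment stating the coupling or a fixed `type: scram-sha-512` would be safer.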
@@ -50,6 +51,13 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: so-sdc-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate #secretsFilePaths: | # - 'my file 1' @@ -58,7 +66,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdc-controller:1.11.0 +image: onap/so/sdc-controller:1.12.0 pullPolicy: Always db: @@ -81,6 +89,16 @@ mso: asdc-connections: asdc-controller1: password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F +config: + someConfig: blah + kafka: + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: so + clientId: SO-sdc-controller replicaCount: 1 minReadySeconds: 10 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index cc63ca50c0..32e6e4776d 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -62,6 +62,8 @@ global: path: /etc/ssl/certs share_path: /usr/local/share/ca-certificates/ + soSdcListenerKafkaUser: so-sdc-list-user + readinessCheck: wait_for: jobs: @@ -387,6 +389,8 @@ so-sdc-controller: db: <<: *dbSecrets logConfigMapNamePrefix: '{{ include "common.release" . }}-so' + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}' so-sdnc-adapter: enabled: true -- cgit 1.2.3-korg
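Review bot: The `so-sdc-kafka-secret` entry falls back to `value: '{{ .Values.config.someConfig }}'`, and the `@@ -81,6 +89,16 @@` hunk of the same file sets `someConfig: blah`, so when `jaasConfExternalSecret` is not supplied the chart would presumably create a secret whose `sasl.jaas.config` is a placeholder string rather than fail. With a non-empty value, `policy: generate` probably never takes effect; the common secret template is not visible here, so confirm. Dropping the placeholder and requiring the value (`policy: required`, in line with `passwordPolicy: required` on the `db-admin-creds` entry just above) would turn a missing KafkaUser secret into a render-time error instead of a pod that starts with an unusable credential.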
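Review bot: The default `securityProtocol: SASL_PLAINTEXT` added under `config.kafka` means the controller's Kafka connection is authenticated but not encrypted; SCRAM keeps the password itself off the wire, but the distribution messages travel in clear text. Unlike `sdcAddress` and `useHttpsWithSdc` in override.yaml, this value is not tied to `common.needTLS`, so a TLS-enabled deployment still talks plaintext to Kafka unless an operator overrides it. Consider deriving it from the same switch, or at least documenting it next to the default, e.g. `# SASL_PLAINTEXT: authenticated but unencrypted; use SASL_SSL when the Kafka listener has TLS`.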