From eb68c405edd326112581ad901f1ce1d3d2e2b98b Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Thu, 23 Feb 2023 11:09:01 +0100 Subject: [STRIMZI] External Kafka Access via Ingress Add Ingress configuration for Kafka brokers and bootstrap service and add advertized host/port settings Change the _service.tpl to modify a Nodeport to a ClusterIP depending in the usage of Ingress Issue-ID: OOM-3109 Signed-off-by: Andreas Geissler Change-Id: I19a405b7fb9c06ce40322e7af824e1aad5baaa90 --- kubernetes/common/common/templates/_ingress.tpl | 15 +++++++++++++ kubernetes/common/common/templates/_service.tpl | 2 +- kubernetes/strimzi/templates/ingress.yaml | 17 +++++++++++++++ kubernetes/strimzi/templates/strimzi-kafka.yaml | 16 +++++++++++++- kubernetes/strimzi/values.yaml | 28 +++++++++++++++++++++++++ 5 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 kubernetes/strimzi/templates/ingress.yaml diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 7065338cf9..30ef02295f 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -14,6 +14,21 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +{{/* + Helper function to check, if Ingress is globally enabled +*/}} +{{- define "common.ingressEnabled" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + {{/* Create the hostname as concatination . - baseaddr: from component values: ingress.service.baseaddr diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 4b6e0a1aae..3db01396ca 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -250,7 +250,7 @@ spec: {{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }} +{{- if and (include "common.ingressEnabled" $dot) (eq $serviceType "NodePort") -}} {{- $serviceType = "ClusterIP" }} {{- end }} diff --git a/kubernetes/strimzi/templates/ingress.yaml b/kubernetes/strimzi/templates/ingress.yaml new file mode 100644 index 0000000000..bcc60a0953 --- /dev/null +++ b/kubernetes/strimzi/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index b35485f11c..99252ec3e6 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -35,20 +35,34 @@ spec: type: tls - name: external port: 9094 - type: nodeport + type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }} tls: true authentication: type: tls configuration: + {{- if not (include "common.ingressEnabled" .) }} bootstrap: nodePort: {{ .Values.global.nodePortPrefixExt }}93 + {{- end }} brokers: - broker: 0 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker0 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}90 + {{- end }} - broker: 1 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker1 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}91 + {{- end }} - broker: 2 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker2 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}92 + {{- end }} authorization: type: {{ .Values.config.authType }} superUsers: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index e6da1d55db..ec1ed887a7 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -29,6 +29,10 @@ config: saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 strimziKafkaAdminUser: &adminUser strimzi-kafka-admin + advertisedHost: kafka-api.simpledemo.onap.org + advertizedPortBroker0: &advertizedPortBroker0 9000 + advertizedPortBroker1: &advertizedPortBroker1 9001 + advertizedPortBroker2: &advertizedPortBroker2 9002 persistence: enabled: &pvenabled true @@ -56,6 +60,30 @@ serviceAccount: roles: - read +ingress: + enabled: false + service: + - baseaddr: "kafka-bootstrap-api" + name: "onap-strimzi-kafka-external-bootstrap" + port: 9094 + exposedPort: 9010 + exposedProtocol: TLS + - baseaddr: "kafka-0-api" + name: "onap-strimzi-kafka-0" + port: 9094 + exposedPort: *advertizedPortBroker0 + exposedProtocol: TLS + - baseaddr: "kafka-1-api" + name: "onap-strimzi-kafka-1" + port: 9094 + exposedPort: *advertizedPortBroker1 + exposedProtocol: TLS + - baseaddr: "kafka-2-api" + name: "onap-strimzi-kafka-2" + port: 9094 + exposedPort: *advertizedPortBroker2 + exposedProtocol: TLS + ###################### # Component overrides ###################### -- cgit 1.2.3-korg