From 73c5f00c93faa9238e8721fa4345c35ae256ccb1 Mon Sep 17 00:00:00 2001
From: Sirisha_Manchikanti <sirisha.manchikanti@est.tech>
Date: Mon, 25 Jul 2022 17:04:45 +0100
Subject: [POLICY] Add strimzi kafka config from helm charts

Add strimzi kafka user and topics for policy components in
relevant helm charts.

Issue-ID: POLICY-4133
Signed-off-by: Sirisha_Manchikanti <sirisha.manchikanti@est.tech>
Change-Id: If0e1107c03acdfed83bfc359a45ad546d134bd30
---
 .../config/PolicyParticipantParameters.yaml        | 14 ++++++++++
 .../templates/deployment.yaml                      |  4 +++
 .../components/policy-clamp-ac-pf-ppnt/values.yaml | 32 ++++++++++++++++++++++
 3 files changed, 50 insertions(+)

(limited to 'kubernetes/policy/components/policy-clamp-ac-pf-ppnt')

diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index 0160ff45df..856b16d91d 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -21,6 +21,20 @@ spring:
     user:
       name: ${RESTSERVER_USER}
       password: ${RESTSERVER_PASSWORD}
+{{- if .Values.config.useStrimziKafka }}
+  kafka:
+    bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
 security:
   enable-csrf: false
 
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
index b13e013f47..a127885cce 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -46,6 +46,10 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
         - name: RESTSERVER_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- end }}
         volumeMounts:
         - mountPath: /config-input
           name: ac-pf-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index b99b60e397..6fefa02783 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -55,6 +55,13 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
     password: '{{ .Values.certStores.trustStorePassword }}'
     passwordPolicy: required
+  - uid: policy-kafka-user
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 certStores:
   keyStorePassword: Pol1cy_0nap
@@ -155,3 +162,28 @@ serviceAccount:
   nameOverride: policy-clamp-ac-pf-ppnt
   roles:
     - read
+
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
-- 
cgit 1.2.3-korg