{{/*
# Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

{{/*
  Create a Strimzi KafkaUser.
  Usage:
      include "common.kafkauser" .

  Strimzi kafka provides cluster access via its custom resource definition KafkaUser
  which is deployed using its User Operator component.
  See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml
  This allows fine-grained access control per user towards the kafka cluster.
  See more info here - https://strimzi.io/docs/operators/latest/configuring.html#proc-configuring-kafka-user-str

  The kafka user definition is defined as part of .Values per component.
  For general use by OOM components, the following list of acl types should suffice:
       type: group (Used by the client app to be added to a particular kafka consumer group)
       type: topic (1 or more kafka topics that the client needs to access. Commonly [Read,Write])

  Note: The template will use the following default values.

    spec.authentication.type: scram-sha-512 (dictated by the available broker listeners on the kafka cluster)
    spec.authorization.type: simple (Only type supported by strimzi at present)
    spec.authorization.acls.resource.patternType: literal

  Example:

  kafkaUser:
    acls:
      - name: sdc (mandatory)
        suffix: mysuffix (optional. Will be appended (with a hyphen) to the "name" entry. ie "sdc-mysuffix")
        type: group (mandatory. Type "group" is used by the client as its kafka consumer group)
        operations: [Read] (mandatory. List of at least 1)
      - name: SDC-DISTR
        type: topic
        patternType: prefix (optional. In this example, the user will be provided Read and Write access to all topics named "SDC-DISTR*")
        operations: [Read, Write]
*/}}
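{{- define "common.kafkauser" -}}
{{- /*
  Renders a single KafkaUser named "<common.name>-ku", attached to the cluster
  "<common.release>-strimzi" through the strimzi.io/cluster label.

  Every string scalar that comes from .Values is piped through "quote". An
  unquoted value that YAML would retype or reject (an all-digit name, a name
  starting with "*", a value containing ": ") would otherwise change the ACL
  that is rendered, or break rendering altogether. "quote" skips missing
  values, so an absent key still renders as an empty field, as before.
*/}}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: {{ include "common.name" . }}-ku
  labels:
    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
  authentication:
    type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" | quote }}
  authorization:
    type: {{ .Values.kafkaUser.authorizationType | default "simple" | quote }}
    acls:
      {{- range $acl := .Values.kafkaUser.acls }}
      - resource:
          type: {{ $acl.type | quote }}
          {{- /*
            "literal" is the default, so a grant covers only the resource with
            exactly this name. "prefix" extends it to every resource whose name
            starts with the value; keep such names as specific as possible.
          */}}
          patternType: {{ $acl.patternType | default "literal" | quote }}
          {{- /* "<name>-<suffix>" when the entry has a suffix key, otherwise the bare name. */}}
          name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") | quote }}
        operations:
        {{- range $operation := $acl.operations }}
          - {{ $operation | quote }}
        {{- end }}
      {{- end }}
{{- end -}}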

{{/*
  Create a Strimzi KafkaTopic.
  Usage:
      include "common.kafkatopic" .

  Strimzi kafka provides kafka topic management via its custom resource definition KafkaTopic
  which is deployed using its Topic Operator component.
  See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/043-Crd-kafkatopic.yaml

  Note: KafkaTopic names should adhere to kubernetes object naming conventions - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
        maximum length of 253 characters and consist of lower case alphanumeric characters, -, and .

  Note: The template will use the following default values.

    spec.config.retention.ms: 7200000 (defaults to 2 hrs retention for kafka topic logs)
    spec.config.segment.bytes: 1073741824 (defaults to 1gb)
    spec.partitions: 6 (defaults to (2 * (default.replication.factor)) defined by the strimzi broker conf)
    spec.replicas: 3 (defaults to default.replication.factor defined by the strimzi broker conf. Must be > 0 and <= (num of broker replicas))

  The kafka topic definition is defined as part of .Values per component.

  Example:

  kafkaTopic:
    - name: my-new-topic (mandatory)
      retentionMs: 7200000 (optional. Defaults to 2hrs)
      segmentBytes: 1073741824 (optional. Defaults to 1gb)
      suffix: my-suffix (optional. Will be appended (with a hyphen) to the "name" value. ie "my-new-topic-my-suffix")
    - name: my.other.topic
      suffix: some.other-suffix
*/}}
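{{- define "common.kafkatopic" -}}
{{- /*
  Renders one KafkaTopic document per entry of .Values.kafkaTopic, each followed
  by a "---" separator and labelled for the cluster "<common.release>-strimzi".

  metadata.name is built from strimziTopicName when the entry has that key,
  otherwise from the lower-cased name; the suffix is not part of it. Two
  entries that differ only in suffix therefore render the same metadata.name.

  partitions and replicas are emitted only when the entry sets them.
*/}}
{{- range $topic := .Values.kafkaTopic }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  {{- if (hasKey $topic "strimziTopicName") }}
  name: {{ $topic.strimziTopicName }}-kt
  {{- else }}
  name: {{ $topic.name | lower }}-kt
  {{- end }}
  labels:
    strimzi.io/cluster: {{ include "common.release" $ }}-strimzi
spec:
  {{- if (hasKey $topic "partitions") }}
  partitions: {{ $topic.partitions }}
  {{- end }}
  {{- if (hasKey $topic "replicas") }}
  replicas: {{ $topic.replicas }}
  {{- end }}
  {{- /*
    Quoted so the Kafka topic name always reaches the CRD as a string, even
    when it looks like a number or boolean or starts with a YAML indicator.
  */}}
  topicName: {{ ternary (printf "%s-%s" $topic.name $topic.suffix) $topic.name (hasKey $topic "suffix") | quote }}
  config:
    {{- /*
      NOTE(review): both values are rendered exactly as supplied. Confirm that
      large integers set in values.yaml do not come out in exponent form with
      the Helm version in use; writing them as quoted strings avoids the question.
    */}}
    retention.ms: {{ $topic.retentionMs | default "7200000" }}
    segment.bytes: {{ $topic.segmentBytes | default "1073741824" }}
---
{{- end }}
{{- end -}}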