From: david.mcweeney <david.mcweeney@est.tech>
Date: Wed, 23 Nov 2022 14:50:45 +0000 (+0000)
Subject: [CDS-SDC-DIST] Upgrade cds to kafka native
X-Git-Tag: 12.0.0~153
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=dd4398c6e3a76a23ce52f31689e6dafde4cad4e9;hp=e0259590627cd9e7925b6912ac2203091dbb54bf;p=oom.git

[CDS-SDC-DIST] Upgrade cds to kafka native

Upgrading cds to use Kafka Native
Adding a CDS Kafka User for topic Auth

Signed-off-by: david.mcweeney <david.mcweeney@est.tech>
Change-Id: If2116a7bf0618c0c2bc42473dccb248cd11ebf92
Issue-ID: DMAAP-1815
---

diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
index 3710f5f510..6024309d4f 100644
--- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
@@ -1,19 +1,18 @@
 listenerservice:
   config:
-    asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
+    sdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
     messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
     user: cds #SDC-username
     password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
     pollingInterval: 15
     pollingTimeout: 60
     relevantArtifactTypes: TOSCA_CSAR
-    consumerGroup: cds
+    consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+    consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
     environmentName: AUTO
-    consumerId: cds
     keyStorePassword:
     keyStorePath:
     activateServerTLSAuth : false
-    isUseHttpsWithDmaap: false
     isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
     archivePath: /opt/app/onap/sdc-listener/
     grpcAddress: cds-blueprints-processor-grpc
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
new file mode 100644
index 0000000000..58d99dd5b1
--- /dev/null
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright Â© 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: {{ .Values.config.kafka.saslMechanism | lower }}
+  authorization:
+    type: {{ .Values.config.kafka.authType }}
+    acls:
+    - resource:
+        type: group
+        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+      operation: All
+    - resource:
+        type: topic
+        patternType: prefix
+        name: {{ .Values.config.kafka.sdcTopic.pattern }}
+      operation: All
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
index 3a6d76165b..d01e3b0af5 100644
--- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright (c) 2019 Bell Canada
+# Modification Copyright Â© 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -42,8 +43,6 @@ spec:
             - --container-name
             - sdc-be
             - --container-name
-            - message-router
-            - --container-name
             - cds-blueprints-processor
           env:
           - name: NAMESPACE
@@ -61,6 +60,12 @@ spec:
           env:
           - name: APP_CONFIG_HOME
             value: {{ .Values.config.appConfigDir }}
+          - name: SECURITY_PROTOCOL
+            value: {{ .Values.config.kafka.securityProtocol }}
+          - name: SASL_MECHANISM
+            value: {{ .Values.config.kafka.saslMechanism }}
+          - name: SASL_JAAS_CONFIG
+            value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.http.internalPort }}
             name: {{ .Values.service.http.portName }}
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 9ceeec8081..3d13802d5d 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -1,4 +1,5 @@
 # Copyright (c) 2019 Bell Canada
+# Modification Copyright Â© 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,20 +26,40 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+  cdsSdcListenerKafkaUser: cds-sdc-list-user
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/ccsdk-sdclistener:1.4.1
+image: onap/ccsdk-sdclistener:1.5.0
 name: sdc-listener
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
+secrets:
+  - uid: cds-sdc-kafka-secret
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
+
 # application configuration
 config:
   appConfigDir: /opt/app/onap/config
+  someConfig: blah
+  kafka:
+    securityProtocol: SASL_PLAINTEXT
+    saslMechanism: SCRAM-SHA-512
+    authType: simple
+    sdcTopic:
+      pattern: SDC-DIST
+      consumerGroup: cds
+      clientId: cds-sdc-listener
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 58e6b65c6f..4c06d30a80 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -24,6 +24,7 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
   cdsKafkaUser: cds-kafka-user
+  cdsSdcListenerKafkaUser: cds-sdc-list-user
 
 #################################################################
 # Secrets metaconfig
@@ -224,6 +225,8 @@ cds-py-executor:
 
 cds-sdc-listener:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}'
 
 cds-ui:
   enabled: true