From 1e6ad11acdc684bfba3ad2ba99a7a20a1b813fce Mon Sep 17 00:00:00 2001 From: efiacor Date: Wed, 22 Mar 2023 11:04:45 +0000 Subject: [PATCH] [SO-SDC-DIST] Move to use strimzi kafka tpl Use Strimzi common tpl for so-sdc-distribution Signed-off-by: efiacor Change-Id: I744e5bb49b42e35a87eb8f29695b4102e3c1f507 Issue-ID: DMAAP-1876 --- .../resources/config/overrides/override.yaml | 6 ++-- .../so-sdc-controller/templates/deployment.yaml | 9 +++--- .../so-sdc-controller/templates/kafkauser.yaml | 16 ++++++++++ .../templates/so-sdc-dist-kakfa-user.yaml | 36 ---------------------- .../so/components/so-sdc-controller/values.yaml | 33 ++++++++++---------- kubernetes/so/values.yaml | 4 --- 6 files changed, 40 insertions(+), 64 deletions(-) create mode 100644 kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml delete mode 100644 kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index 0630497bdb..473b1c3bcf 100755 --- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -68,8 +68,10 @@ mso: asdc-connections: asdc-controller1: user: mso - consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }} - consumerId: {{ .Values.config.kafka.sdcTopic.clientId }} + {{ with (first .Values.kafkaUser.acls) }} + consumerId: {{ .name }}-sdc-controller + consumerGroup: {{ .name }} + {{ end }} environmentName: AUTO sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080 password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 4becf41897..12de6bd382 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -47,12 +47,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - - name: SECURITY_PROTOCOL - value: {{ .Values.config.kafka.securityProtocol }} - - name: SASL_MECHANISM - value: {{ .Values.config.kafka.saslMechanism }} - name: SASL_JAAS_CONFIG - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml b/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml new file mode 100644 index 0000000000..6fc37c3d01 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml deleted file mode 100644 index 4619c8ebc0..0000000000 --- a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{/* -# Copyright © 2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: kafka.strimzi.io/v1beta2 -kind: KafkaUser -metadata: - name: {{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }} - labels: - strimzi.io/cluster: {{ include "common.release" . }}-strimzi -spec: - authentication: - type: {{ .Values.config.kafka.saslMechanism | lower }} - authorization: - type: {{ .Values.config.kafka.authType }} - acls: - - resource: - type: group - name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} - operation: All - - resource: - type: topic - patternType: prefix - name: {{ .Values.config.kafka.sdcTopic.pattern }} - operation: All diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index dbde74808b..81ae6ae7fd 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -45,13 +45,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: so-sdc-kafka-secret - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate #secretsFilePaths: | # - 'my file 1' @@ -83,27 +76,19 @@ mso: asdc-connections: asdc-controller1: password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F -config: - someConfig: blah - kafka: - securityProtocol: SASL_PLAINTEXT - saslMechanism: SCRAM-SHA-512 - authType: simple - sdcTopic: - pattern: SDC-DIST - consumerGroup: so - clientId: SO-sdc-controller replicaCount: 1 minReadySeconds: 10 containerPort: &containerPort 8085 logPath: ./logs/sdc/ app: sdc-controller + service: type: ClusterIP ports: - name: http port: *containerPort + updateStrategy: type: RollingUpdate maxUnavailable: 1 @@ -134,6 +119,7 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + livenessProbe: path: /manage/health port: 8085 @@ -143,12 +129,25 @@ livenessProbe: timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 + ingress: enabled: false + nodeSelector: {} tolerations: [] affinity: {} +# Strimzi KafkaUser config +kafkaUser: + acls: + - name: SO + type: group + operations: [Read] + - name: SDC-DISTR + type: topic + patternType: prefix + operations: [Read, Write] + #Pods Service Account serviceAccount: nameOverride: so-sdc-controller diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index a35fe3274a..68905358c3 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -51,8 +51,6 @@ global: auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - soSdcListenerKafkaUser: so-sdc-list-user - readinessCheck: wait_for: jobs: @@ -705,8 +703,6 @@ so-sdc-controller: db: <<: *dbSecrets logConfigMapNamePrefix: '{{ include "common.release" . }}-so' - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}' so-sdnc-adapter: enabled: true -- 2.16.6