[SO-SDC-DIST] Updgrade sdc-controller to kafka native 19/132419/5
authorefiacor <fiachra.corcoran@est.tech>
Wed, 23 Nov 2022 12:13:26 +0000 (12:13 +0000)
committerFiachra Corcoran <fiachra.corcoran@est.tech>
Mon, 9 Jan 2023 08:42:18 +0000 (08:42 +0000)
Update sdc-controller to use new sdc-dist client
Add sdc-controller KafkaUser for SDC topic auth

Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I7969bb79a2b329d1140eacc953b40dd487456bcb
Issue-ID: DMAAP-1815

kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml [new file with mode: 0644]
kubernetes/so/components/so-sdc-controller/values.yaml
kubernetes/so/values.yaml

index 29a1cf7..50cf231 100755 (executable)
@@ -74,26 +74,28 @@ mso:
   asdc-connections:
     asdc-controller1:
       user: mso
-      consumerGroup: SO-OpenSource-Env11
-      consumerId: SO-COpenSource-Env11
+      consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+      consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
       environmentName: AUTO
       {{ if (include "common.needTLS" .) }}
-      asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
+      sdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
       {{ else }}
-      asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
+      sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
       {{ end }}
       password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
       pollingInterval: 60
       pollingTimeout: 60
       relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
-      useHttpsWithDmaap: false
       useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
       activateServerTLSAuth: false
       keyStorePassword:
       keyStorePath:
       watchDogTimeout: 300
       isFitlerInEmptyResources: true
-      messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
+      httpsProxyHost:
+      httpProxyHost:
+      httpsProxyPort: 0
+      httpProxyPort: 0
   asdc:
     config:
       activity:
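Review bot: The new `consumerGroup` and `consumerId` values are rendered unquoted, so an empty or number/boolean-looking override of `config.kafka.sdcTopic.consumerGroup` or `clientId` would become null or a non-string in the rendered YAML. Piping through quote keeps them strings, e.g. `consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup | quote }}`. The same applies to the `SECURITY_PROTOCOL` and `SASL_MECHANISM` env values added in deployment.yaml. The group rendered here must stay identical to the group ACL in the new KafkaUser, which reads the same value, so a short comment saying so would help anyone overriding it.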
index 55493f7..0d1977b 100755 (executable)
@@ -71,6 +71,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        - name: SECURITY_PROTOCOL
+          value: {{ .Values.config.kafka.securityProtocol }}
+        - name: SASL_MECHANISM
+          value: {{ .Values.config.kafka.saslMechanism }}
+        - name: SASL_JAAS_CONFIG
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
         {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
diff --git a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
new file mode 100644 (file)
index 0000000..4619c8e
--- /dev/null
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: {{ .Values.config.kafka.saslMechanism | lower }}
+  authorization:
+    type: {{ .Values.config.kafka.authType }}
+    acls:
+    - resource:
+        type: group
+        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+      operation: All
+    - resource:
+        type: topic
+        patternType: prefix
+        name: {{ .Values.config.kafka.sdcTopic.pattern }}
+      operation: All
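Review bot: Both ACL entries grant `operation: All`, which also covers Delete, Alter and AlterConfigs on the consumer group and on every topic under the configured prefix. That is more than a distribution listener should need. Consider granting only what the sdc-dist client uses: Read on the group and Read on the topic prefix, plus Write only if the client also publishes under that prefix (not visible in this change, so to be confirmed). Because `patternType: prefix` matches every topic whose name starts with the pattern, a short or empty override of `config.kafka.sdcTopic.pattern` silently widens the grant, which deserves a comment next to that value.

```yaml
    acls:
    # … unchanged: group resource block, with operation narrowed …
      operation: Read
    - resource:
        type: topic
        patternType: prefix
        name: {{ .Values.config.kafka.sdcTopic.pattern }}
      operation: Read
    # keep only if the client publishes under this prefix — confirm
    - resource:
        type: topic
        patternType: prefix
        name: {{ .Values.config.kafka.sdcTopic.pattern }}
      operation: Write
```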
index f006c07..63a641c 100755 (executable)
@@ -28,6 +28,7 @@ global:
   mariadbGalera:
     serviceName: mariadb-galera
     servicePort: '3306'
+  soSdcListenerKafkaUser: so-sdc-list-user
 
 readinessCheck:
   wait_for:
@@ -50,6 +51,13 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
+  - uid: so-sdc-kafka-secret
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 #secretsFilePaths: |
 #  - 'my file 1'
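Review bot: When `config.jaasConfExternalSecret` is unset, the `so-sdc-kafka-secret` entry falls back to `value: '{{ .Values.config.someConfig }}'` with `policy: generate`, and a later hunk in this file sets `someConfig: blah`. That fallback would hand the pod a `SASL_JAAS_CONFIG` that is not a usable JAAS string. A standalone install of this sub-chart would then presumably render cleanly and fail Kafka authentication only at runtime. If the common secret template accepts it for genericKV entries, `policy: required` (as `passwordPolicy: required` on the entry above) would turn the missing secret into an install-time error. Otherwise, remove the placeholder and add a comment stating that the external secret is mandatory.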
@@ -58,7 +66,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/sdc-controller:1.11.0
+image: onap/so/sdc-controller:1.12.0
 pullPolicy: Always
 
 db:
@@ -81,6 +89,16 @@ mso:
   asdc-connections:
     asdc-controller1:
       password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+config:
+  someConfig: blah
+  kafka:
+    securityProtocol: SASL_PLAINTEXT
+    saslMechanism: SCRAM-SHA-512
+    authType: simple
+    sdcTopic:
+      pattern: SDC-DIST
+      consumerGroup: so
+      clientId: SO-sdc-controller
 
 replicaCount: 1
 minReadySeconds: 10
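Review bot: The default `securityProtocol: SASL_PLAINTEXT` leaves the authentication exchange and all distribution traffic to the broker unencrypted, and the broker's identity unverified, even though the same chart switches the SDC HTTP endpoint on `common.needTLS`. If the Strimzi cluster exposes a TLS listener, `SASL_SSL` would be the safer default. Otherwise document the choice, e.g. `# SASL_PLAINTEXT: in-cluster listener without TLS; set SASL_SSL where a TLS listener exists`. `someConfig: blah` reads as a leftover placeholder and should be removed or explained.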
index cc63ca5..32e6e47 100755 (executable)
@@ -62,6 +62,8 @@ global:
     path: /etc/ssl/certs
     share_path: /usr/local/share/ca-certificates/
 
+  soSdcListenerKafkaUser: so-sdc-list-user
+
 readinessCheck:
   wait_for:
     jobs:
@@ -387,6 +389,8 @@ so-sdc-controller:
   db:
     <<: *dbSecrets
   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}'
 
 so-sdnc-adapter:
   enabled: true