From c8c3316188fbc38e7504207432c7f13c69fdfae3 Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 25 Nov 2022 11:36:52 +0000 Subject: [PATCH] [MULTICLOUD-SDC-DIST] Updgrade artifactbroker to use kafka native Bump artifactbroker Update sdc-dist config Signed-off-by: efiacor Change-Id: Ie54cd493ad3184b29eb48b099de973ab677d1008 Issue-ID: DMAAP-1819 --- .../multicloud-k8s/resources/config/config.json | 10 ++---- .../multicloud-k8s/templates/deployment.yaml | 7 +++++ .../multicloud-k8s-sdc-list-kafka-user.yaml | 36 ++++++++++++++++++++++ .../multicloud-k8s/templates/secret.yaml | 17 ++++++++++ .../components/multicloud-k8s/values.yaml | 26 +++++++++++++++- .../components/multicloud-starlingx/values.yaml | 2 +- .../components/multicloud-windriver/values.yaml | 2 +- kubernetes/multicloud/values.yaml | 5 ++- 8 files changed, 94 insertions(+), 11 deletions(-) create mode 100644 kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml create mode 100644 kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json index cf818798d4..4a08322634 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json @@ -27,15 +27,11 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", - "messageBusAddress": [ - "message-router.{{ include "common.namespace" . }}" - ], + "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", "pollingInterval":20, "pollingTimeout":30, - "consumerId": "multicloud-k8s-id", "artifactTypes": [ "TOSCA_CSAR", "HEAT", @@ -48,13 +44,13 @@ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT", "HELM" ], - "consumerGroup": "multicloud-k8s-group", + "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}", + "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}", "environmentName": "AUTO", "keystorePath": "null", "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false, "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, "httpsproxyHost": "null", "httpproxyHost": "null", diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index c9912ffd17..45494e1730 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -86,6 +86,13 @@ spec: subPath: config.json - mountPath: /data name: artifact-data + env: + - name: SECURITY_PROTOCOL + value: {{ .Values.config.kafka.securityProtocol }} + - name: SASL_MECHANISM + value: {{ .Values.config.kafka.saslMechanism }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml new file mode 100644 index 0000000000..7600facb08 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMechanism | lower }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} + operation: All + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.sdcTopic.pattern }} + operation: All diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml new file mode 100644 index 0000000000..bb5091f01a --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 36cb701a9b..cae151ae58 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,7 +18,20 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 + multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: multicloud-k8s-sdc-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Application configuration defaults. @@ -27,6 +40,17 @@ global: image: onap/multicloud/k8s:0.10.1 pullPolicy: Always +config: + someConfig: blah + kafka: + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: multicloud + clientId: multicloud-k8s + # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index 1232c3b79a..1fe7775aed 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,7 +17,7 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index 33802937cd..a328daedc6 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 persistence: {} ################################################################# diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 9ea62aa98f..21e6a61cf5 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,11 +18,12 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 prometheus: enabled: false persistence: {} centralizedLoggingEnabled: true + multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user ################################################################# # Application configuration defaults. @@ -39,6 +40,8 @@ multicloud-fcaps: logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' multicloud-k8s: enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}' multicloud-pike: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' -- 2.16.6