From fe8f8c978531018c4275aa4f7dfb6af58ff90483 Mon Sep 17 00:00:00 2001 From: efiacor Date: Tue, 15 Mar 2022 15:36:48 +0000 Subject: [PATCH] [DMAAP-STRIMZI] Add strimzi kafka bridge Move DMaaP MR to use strimzi kafka Remove mr kafka and zookeeper Add strimzi kafka bridge to dmaap 
Signed-off-by: efiacor Change-Id: I3af65efd85b7dfb16c4682dd7607734fcd95adaf Issue-ID: DMAAP-1622 --- kubernetes/common/common/templates/_kafkaNodes.tpl | 34 --- kubernetes/dmaap/Chart.yaml | 6 +- .../.helmignore | 1 + .../Chart.yaml | 9 +- .../components => dmaap-strimzi}/Makefile | 4 +- .../templates/dmaap-strimzi-kb.yaml} | 29 +-- .../dmaap/components/dmaap-strimzi/values.yaml | 37 +++ .../dmaap/components/message-router/Chart.yaml | 8 +- .../components/message-router-kafka/.helmignore | 21 -- .../components/message-router-kafka/Chart.yaml | 38 --- .../resources/config/jmx-kafka-prometheus.yml | 23 -- .../resources/jaas/kafka_server_jaas.conf | 11 - .../resources/jaas/zk_client_jaas.conf | 5 - .../message-router-kafka/templates/NOTES.txt | 34 --- .../message-router-kafka/templates/configmap.yaml | 61 ----- .../templates/poddisruptionbudget.yaml | 30 --- .../message-router-kafka/templates/pv.yaml | 43 ---- .../message-router-kafka/templates/secrets.yaml | 17 -- .../message-router-kafka/templates/service.yaml | 41 ---- .../templates/statefulset.yaml | 267 --------------------- .../components/message-router-kafka/values.yaml | 226 ----------------- .../resources/config/jmx-zookeeper-prometheus.yml | 21 -- .../resources/config/zk_server_jaas.conf | 4 - .../message-router-zookeeper/templates/NOTES.txt | 34 --- .../templates/_zkquorum.tpl | 34 --- .../templates/_zkservers.tpl | 16 -- .../templates/configmap.yaml | 44 ---- .../templates/poddisruptionbudget.yaml | 30 --- .../message-router-zookeeper/templates/pv.yaml | 43 ---- .../templates/secrets.yaml | 17 -- .../templates/service.yaml | 40 --- .../templates/statefulset.yaml | 230 ------------------ .../message-router-zookeeper/values.yaml | 161 ------------- .../resources/config/dmaap/MsgRtrApi.properties | 34 +-- .../resources/config/dmaap/logback.xml | 143 +++++------ .../message-router/resources/config/dmaap/mykey | 27 --- .../message-router/templates/configmap.yaml | 27 +-- 
.../message-router/templates/secrets.yaml | 3 + .../message-router/templates/statefulset.yaml | 94 ++++++-- .../dmaap/components/message-router/values.yaml | 27 ++- kubernetes/dmaap/values.yaml | 11 + 41 files changed, 247 insertions(+), 1738 deletions(-) delete mode 100644 kubernetes/common/common/templates/_kafkaNodes.tpl rename kubernetes/dmaap/components/{message-router/components/message-router-zookeeper => dmaap-strimzi}/.helmignore (96%) rename kubernetes/dmaap/components/{message-router/components/message-router-zookeeper => dmaap-strimzi}/Chart.yaml (78%) rename kubernetes/dmaap/components/{message-router/components => dmaap-strimzi}/Makefile (94%) rename kubernetes/dmaap/components/{message-router/components/message-router-kafka/templates/service-hs.yaml => dmaap-strimzi/templates/dmaap-strimzi-kb.yaml} (57%) create mode 100644 kubernetes/dmaap/components/dmaap-strimzi/values.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml delete mode 
100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkservers.tpl delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml delete mode 100644 kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml delete mode 100755 
kubernetes/dmaap/components/message-router/resources/config/dmaap/mykey diff --git a/kubernetes/common/common/templates/_kafkaNodes.tpl b/kubernetes/common/common/templates/_kafkaNodes.tpl deleted file mode 100644 index f428b58d63..0000000000 --- a/kubernetes/common/common/templates/_kafkaNodes.tpl +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2021 Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{/* - Generate comma separated list of kafka or zookeper nodes to reuse in message router charts. - How to use: - - zookeeper servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }} - kafka servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }} - -*/}} -{{- define "common.kafkaNodes" -}} -{{- $dot := .dot -}} -{{- $replicaCount := .replicaCount -}} -{{- $componentName := .componentName -}} -{{- $port := .port -}} -{{- $kafkaNodes := list -}} -{{- range $i, $e := until (int $replicaCount) -}} -{{- $kafkaNodes = print (include "common.release" $dot) "-" $componentName "-" $i "." $componentName "." (include "common.namespace" $dot) ".svc.cluster.local:" $port | append $kafkaNodes -}} -{{- end -}} -{{- $kafkaNodes | join "," -}} -{{- end -}} 
diff --git a/kubernetes/dmaap/Chart.yaml b/kubernetes/dmaap/Chart.yaml
index 7ae20adaf9..481b48f5d9 100644
--- a/kubernetes/dmaap/Chart.yaml
+++ b/kubernetes/dmaap/Chart.yaml
@@ -1,7 +1,7 @@
 # Copyright © 2018 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs,Bell Canada
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,6 +24,10 @@ dependencies:
 - name: common
 version: ~10.x-0
 repository: '@local'
+ - name: dmaap-strimzi
+ version: ~10.x-0
+ repository: 'file://components/dmaap-strimzi'
+ condition: dmaap-strimzi.enabled
 - name: message-router
 version: ~10.x-0
 repository: 'file://components/message-router'
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore b/kubernetes/dmaap/components/dmaap-strimzi/.helmignore
similarity index 96%
rename from kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore
rename to kubernetes/dmaap/components/dmaap-strimzi/.helmignore
index f0c1319444..0f976e9ff3 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore
+++ b/kubernetes/dmaap/components/dmaap-strimzi/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+Chart.lock
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml b/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml
similarity index 78%
rename from kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml
rename to kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml
index 699722c6e0..d8f607e41f 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml @@ -1,7 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,8 +13,8 @@ # limitations under the License. apiVersion: v2 -description: ONAP Dmaap Message Router Zookeeper Service -name: message-router-zookeeper +description: ONAP Dmaap Strimzi Kafka Bridge +name: dmaap-strimzi version: 10.0.0 dependencies: diff --git a/kubernetes/dmaap/components/message-router/components/Makefile b/kubernetes/dmaap/components/dmaap-strimzi/Makefile similarity index 94% rename from kubernetes/dmaap/components/message-router/components/Makefile rename to kubernetes/dmaap/components/dmaap-strimzi/Makefile index f4c9784bc4..51d7de122c 100644 --- a/kubernetes/dmaap/components/message-router/components/Makefile +++ b/kubernetes/dmaap/components/dmaap-strimzi/Makefile @@ -13,11 +13,11 @@ # limitations under the License. ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist +OUTPUT_DIR := $(ROOT_DIR)/../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := +EXCLUDES := dist resources templates charts docker HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) 
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml b/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml
similarity index 57%
rename from kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml
rename to kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml
index 60e4df90f5..8dd7eb97cb 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml
+++ b/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml
@@ -1,6 +1,5 @@
 {{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,11 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-
-apiVersion: v1
-kind: Service
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaBridge
 metadata:
- name: {{ .Values.service.name }}
+ name: {{ include "common.fullname" . }}
 namespace: {{ include "common.namespace" . }}
 labels:
 app: {{ include "common.name" . }}
@@ -26,11 +24,14 @@ metadata:
 release: {{ include "common.release" . }}
 heritage: {{ .Release.Service }}
 spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
-
+ replicas: {{ .Values.kafkaBridgeReplicaCount }}
+ enableMetrics: false
+ bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
+ authentication:
+ type: {{ .Values.global.saslMechanism }}
+ username: {{ .Values.global.kafkaStrimziAdminUser }}
+ passwordSecret:
+ secretName: {{ .Values.global.kafkaStrimziAdminUser }}
+ password: password
+ http:
+ port: {{ .Values.kafkaBridgePort }}
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml b/kubernetes/dmaap/components/dmaap-strimzi/values.yaml
new file mode 100644
index 0000000000..8e8802d8c5
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-strimzi/values.yaml
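Review bot: The KafkaBridge spec in dmaap-strimzi-kb.yaml authenticates to Kafka as `{{ .Values.global.kafkaStrimziAdminUser }}` (default `strimzi-kafka-admin`, presumably the cluster's admin user), so any client that can reach `http.port` acts on the brokers with that user's rights; the Kafka Bridge HTTP interface does not itself authenticate or encrypt client connections. I would give the bridge its own KafkaUser with ACLs limited to the topics and consumer groups its clients need, and restrict access to the bridge port with a NetworkPolicy or an authenticating proxy in front of it. The spec also carries no `tls` block, so unless the listener behind `kafkaInternalPort` is TLS-enabled (not visible in this commit section), SCRAM protects the password but the bridge-to-broker traffic is not encrypted. Separately, `enableMetrics: false` is hard-coded; a value such as `enableMetrics: {{ .Values.kafkaBridgeMetrics | default false }}` would let operators monitor the bridge without editing the template.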
@@ -0,0 +1,37 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaStrimziAdminUser: strimzi-kafka-admin
+ kafkaInternalPort: 9092
+ saslMechanism: scram-sha-512
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+kafkaBridgeReplicaCount: 1
+kafkaBridgePort: 8080
+
+ingress:
+ enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-strimzi
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/kubernetes/dmaap/components/message-router/Chart.yaml
index 7ecad8b222..549fb728fc 100644
--- a/kubernetes/dmaap/components/message-router/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/Chart.yaml
@@ -1,7 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
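Review bot: In the new dmaap-strimzi/values.yaml, `global.kafkaStrimziAdminUser` is undocumented even though the KafkaBridge template uses it twice, as the SASL username and as the name of the Secret that holds the password, so an override that changes only the username silently points the bridge at a Secret that may not exist. I would add a comment above the key, for example `# kafkaStrimziAdminUser: SASL username for the bridge and name of the Secret (key "password") holding its password`, and one line each for `kafkaBootstrap`, `kafkaInternalPort` and `saslMechanism` saying which Strimzi resource they must match. The `ingress` and `serviceAccount` blocks are not referenced by the only template of this chart visible here; if a dependency consumes them, say so in a comment, otherwise drop them so the `read` role is not granted without a user.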
@@ -33,12 +33,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' - - name: message-router-kafka - version: ~10.x-0 - repository: 'file://components/message-router-kafka' - - name: message-router-zookeeper - version: ~10.x-0 - repository: 'file://components/message-router-zookeeper' - name: serviceAccount version: ~10.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore b/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml deleted file mode 100644 index 2a24b7dbd9..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Message Router Kafka Service -name: message-router-kafka -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: certInitializer - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml deleted file mode 100644 index 2ab713e789..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi -lowercaseOutputName: true -lowercaseOutputLabelNames: true -ssl: false -rules: -- pattern : kafka.server<>(Value|OneMinuteRate) - name: "cp_kafka_server_replicamanager_$1" -- pattern : kafka.controller<>Value - name: "cp_kafka_controller_kafkacontroller_$1" -- pattern : kafka.server<>OneMinuteRate - name: "cp_kafka_server_brokertopicmetrics_$1" -- pattern : kafka.network<>OneMinuteRate - name: "cp_kafka_network_requestmetrics_requestspersec_$1" -- pattern : kafka.network<>Value - name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent" -- pattern : kafka.server<>Value - name: "cp_kafka_server_replicafetchermanager_maxlag_$1" -- pattern : kafka.server<>OneMinuteRate - name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent" -- pattern : kafka.controller<>OneMinuteRate - name: "cp_kafka_controller_controllerstats_$1" -- pattern : kafka.server<>OneMinuteRate - name: "cp_kafka_server_sessionexpirelistener_$1" diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf deleted file mode 100644 index ff43fbb141..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf +++ /dev/null @@ -1,11 +0,0 @@ -KafkaServer { - org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required - username="${KAFKA_ADMIN}" - password="${KAFKA_PSWD}" - user_${KAFKA_ADMIN}="${KAFKA_PSWD}"; -}; -Client { - org.apache.zookeeper.server.auth.DigestLoginModule required - username="${ZK_ADMIN}" - password="${ZK_PSWD}"; - }; 
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf deleted file mode 100644 index 0755c1e2b7..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf +++ /dev/null @@ -1,5 +0,0 @@ -Client { - org.apache.zookeeper.server.auth.DigestLoginModule required - username="${ZK_ADMIN}" - password="${ZK_PSWD}"; - }; \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt deleted file mode 100644 index a44d0f76ee..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt +++ /dev/null 
@@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml deleted file mode 100644 index d881fef128..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{/* -# Copyright © 2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.aafEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-jaas-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} ---- -{{- else }} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-jaas-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} ---- -{{- end }} -{{- if .Values.prometheus.jmx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-prometheus-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . 
}} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} ---- -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml deleted file mode 100644 index d12ec126f9..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{/* -# Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.fullname" . }}-pdb - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - maxUnavailable: 1 diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml deleted file mode 100644 index c386163735..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- $global := . -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -{{ range $i, $e := until (int $global.Values.replicaCount) }} ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ $global.Values.service.name }} - chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} - release: {{ include "common.release" $global }} - heritage: {{ $global.Release.Service }} -spec: - capacity: - storage: {{ $global.Values.persistence.size }} - accessModes: - - {{ $global.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} -{{ end }} 
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml deleted file mode 100644 index 033d8d5441..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml deleted file mode 100644 index 9a20f9c517..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{/* -# Copyright © 2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- $root := . -}} -{{ range $i, $e := until (int $root.Values.replicaCount) }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $root.Values.service.name }}-{{ $i }} - namespace: {{ include "common.namespace" $root }} - labels: - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ include "common.release" $root }} - heritage: {{ $root.Release.Service }} - -spec: - type: {{ $root.Values.service.type }} - externalTrafficPolicy: Local - selector: - statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }} - ports: - - port: {{ $root.Values.service.externalPort }} - targetPort: {{ $root.Values.service.externalPort }} - nodePort: {{ $root.Values.service.baseNodePort | add $i }} - name: {{ $root.Values.service.name }}-{{ $i }} -{{ end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml deleted file mode 100644 index ebb5f7e392..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml +++ /dev/null 
@@ -1,267 +0,0 @@ -{{/* -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - podManagementPolicy: Parallel - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - {{- if .Values.prometheus.jmx.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} - {{- end }} - spec: - {{- if .Values.nodeAffinity }} - nodeAffinity: - {{ toYaml .Values.nodeAffinity | indent 10 }} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.zookeeper.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . 
}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: - - sh - - -exec - - | - rm -rf '/var/lib/kafka/data/lost+found'; - chown -R 1000:0 /var/lib/kafka/data; - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /var/lib/kafka/data - name: kafka-data - name: {{ include "common.name" . }}-permission-fixer - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" - env: - - name: ZK_ADMIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} - - name: ZK_PSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} - - name: KAFKA_ADMIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} - - name: KAFKA_PSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /etc/kafka/secrets/jaas - name: jaas-config - - mountPath: /config-input - name: jaas - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - containers: - {{- if .Values.prometheus.jmx.enabled }} - - name: prometheus-jmx-exporter - image: {{ include "repositoryGenerator.dockerHubRepository" . 
}}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - java - - -XX:+UnlockExperimentalVMOptions - - -XX:+UseCGroupMemoryLimitForHeap - - -XX:MaxRAMFraction=1 - - -XshowSettings:vm - - -jar - - jmx_prometheus_httpserver.jar - - {{ .Values.prometheus.jmx.port | quote }} - - /etc/jmx-kafka/jmx-kafka-prometheus.yml - ports: - - containerPort: {{ .Values.prometheus.jmx.port }} - resources: -{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} - volumeMounts: - - name: jmx-config - mountPath: /etc/jmx-kafka - {{- end }} - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - - -exc - - | - export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ - {{- if .Values.global.aafEnabled }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.final_cadi_files }} /etc/kafka/data/{{ .Values.certInitializer.final_cadi_files }} && \ - export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ - {{ else }} - export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ - {{- end }} - exec /etc/confluent/docker/run - resources: -{{ include "common.resources" . 
| indent 12 }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.externalPort }} - {{- if .Values.prometheus.jmx.enabled }} - - containerPort: {{ .Values.jmx.port }} - name: jmx - {{- end }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: KAFKA_ZOOKEEPER_CONNECT - value: "{{ include "common.kafkaNodes" (dict "dot" . "replicaCount" .Values.zookeeper.replicaCount "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}" - - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE - value: "{{ .Values.kafka.enableSupport }}" - - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR - value: "{{ .Values.config.offsets_topic_replication_factor | default .Values.replicaCount }}" - - name: KAFKA_NUM_PARTITIONS - value: "{{ .Values.config.num_partition | default .Values.replicaCount }}" - - name: KAFKA_DEFAULT_REPLICATION_FACTOR - value: "{{ .Values.config.default_replication_factor | default .Values.replicaCount }}" - {{- if .Values.global.aafEnabled }} - - name: KAFKA_OPTS - value: "{{ .Values.kafka.jaasOptionsAaf }}" - - name: aaf_locate_url - value: https://aaf-locate.{{ include "common.namespace" . 
}}:8095 - - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP - value: "{{ .Values.kafka.protocolMapAaf }}" - - name: KAFKA_LISTENERS - value: "{{ .Values.kafka.listenersAaf }}" - - name: KAFKA_SASL_ENABLED_MECHANISMS - value: "{{ .Values.kafka.saslMech }}" - - name: KAFKA_INTER_BROKER_LISTENER_NAME - value: "{{ .Values.kafka.interBrokerListernerAaf }}" - - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL - value: "{{ .Values.kafka.saslInterBrokerProtocol }}" - - name: KAFKA_AUTHORIZER_CLASS_NAME - value: "{{ .Values.kafka.authorizer }}" - {{ else }} - - name: KAFKA_OPTS - value: "{{ .Values.kafka.jaasOptions }}" - - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP - value: "{{ .Values.kafka.protocolMap }}" - - name: KAFKA_LISTENERS - value: "{{ .Values.kafka.listeners }}" - - name: KAFKA_INTER_BROKER_LISTENER_NAME - value: "{{ .Values.kafka.interBrokerListerner }}" - {{- end }} - {{- range $key, $value := .Values.configurationOverrides }} - - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.jmx.port }} - - name: KAFKA_JMX_PORT - value: "{{ .Values.jmx.port }}" - {{- end }} - - name: enableCadi - value: "{{ .Values.global.aafEnabled }}" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/docker.sock - name: docker-socket - - name: jaas-config - mountPath: /etc/kafka/secrets/jaas - - mountPath: /var/lib/kafka/data - name: kafka-data - {{- if .Values.tolerations }} - tolerations: - {{ toYaml .Values.tolerations | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . 
| nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: jaas-config - emptyDir: - medium: Memory - - name: docker-socket - hostPath: - path: /var/run/docker.sock - - name: jaas - configMap: - name: {{ include "common.fullname" . }}-jaas-configmap - {{- if .Values.prometheus.jmx.enabled }} - - name: jmx-config - configMap: - name: {{ include "common.fullname" . }}-prometheus-configmap - {{- end }} -{{ if not .Values.persistence.enabled }} - - name: kafka-data - emptyDir: {} -{{ else }} - volumeClaimTemplates: - - metadata: - name: kafka-data - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{ end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml deleted file mode 100644 index c998e9ec67..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml +++ /dev/null 
@@ -1,226 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-mr-kafka-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: dmaap-mr - fqi: dmaapmr@mr.dmaap.onap.org - public_fqdn: mr.dmaap.onap.org - cadi_longitude: "-122.26147" - cadi_latitude: "37.78187" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.dmaap.mr - final_cadi_files: cadi.properties - aaf_add_config: | - echo "*** concat the three prop files" - cd {{ .Values.credsPath }} - cat {{ .Values.fqi_namespace }}.props > {{ .Values.final_cadi_files }} - cat {{ .Values.fqi_namespace }}.cred.props >> {{ .Values.final_cadi_files }} - cat {{ .Values.fqi_namespace }}.location.props >> {{ .Values.final_cadi_files }} - echo "*** configuration result:" - cat {{ .Values.final_cadi_files }} - chown -R 1000 . - - -################################################################# -# Application configuration defaults. 
-################################################################# -# application image -image: onap/dmaap/kafka111:1.1.1 -pullPolicy: Always - - -zookeeper: - name: message-router-zookeeper - port: 2181 - replicaCount: 1 - -kafka: - heapOptions: -Xmx5G -Xms1G - jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf - jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf - enableSupport: false - protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT - protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT - listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 - listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092 - authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer - saslInterBrokerProtocol: PLAIN - saslMech: PLAIN - interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT - interBrokerListerner: INTERNAL_PLAINTEXT - -config: {} - # offsets_topic_replication_factor: - # num_partition: - # default_replication_factor: - -configurationOverrides: - "log.dirs": "/var/lib/kafka/data" - "log.retention.hours": "168" - "transaction.state.log.replication.factor": "1" - "transaction.state.log.min.isr": "1" - "num.recovery.threads.per.data.dir": "5" - "zookeeper.connection.timeout.ms": "6000" - "zookeeper.set.acl": "true" - -jmx: - port: 5555 - -prometheus: - jmx: - enabled: false - image: solsson/kafka-prometheus-jmx-exporter@sha256 - imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - port: 5556 - -jaas: - config: - zkClient: kafka - zkClientPassword: kafka_secret - kafkaAdminUser: admin - kafkaAdminPassword: admin_secret - #kafkaAdminUserExternal: some secret - #zkClientPasswordExternal: some secret - - -secrets: - - uid: zk-client - type: basicAuth - externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}' - login: '{{ 
.Values.jaas.config.zkClient }}' - password: '{{ .Values.jaas.config.zkClientPassword }}' - passwordPolicy: required - - uid: kafka-admin - type: basicAuth - externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}' - login: '{{ .Values.jaas.config.kafkaAdminUser }}' - password: '{{ .Values.jaas.config.kafkaAdminPassword }}' - passwordPolicy: required - -# flag to enable debugging - application support required -debugEnabled: false - -# default number of instances -replicaCount: 1 - - -# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count -podAntiAffinityType: soft - -# defult partitions -defaultpartitions: 3 - -nodeSelector: {} - -nodeAffinity: {} - -affinity: {} - -tolerations: {} - - - -# probe configuration parameters -liveness: - initialDelaySeconds: 90 - periodSeconds: 20 - timeoutSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 90 - periodSeconds: 20 - timeoutSeconds: 100 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: message-router/data-kafka - -service: - type: NodePort - name: message-router-kafka - portName: tcp-message-router-kafka - internalPort: 9092 - internalSSLPort: 9093 - externalPort: 9091 - baseNodePort: 30490 - - - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - large: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 1000m - memory: 2Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: message-router-kafka - roles: - - read diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml deleted file mode 100644 index a75b644c5f..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml +++ /dev/null @@ -1,21 +0,0 @@ -jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi -lowercaseOutputName: true -lowercaseOutputLabelNames: true -ssl: false -rules: -- pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "message-router-zookeeper_$2" -- pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "message-router-zookeeper_$3" - labels: - replicaId: "$2" -- pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "message-router-zookeeper_$4" - labels: - replicaId: "$2" - memberType: "$3" -- pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "message-router-zookeeper_$4_$5" - labels: - replicaId: "$2" - memberType: "$3" 
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf
deleted file mode 100644
index 8266f6b2c6..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-Server {
- org.apache.zookeeper.server.auth.DigestLoginModule required
- user_${ZK_ADMIN}="${ZK_PSWD}";
-};
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt
deleted file mode 100644
index a44d0f76ee..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl deleted file mode 100644 index 9af910eb89..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- /* - Calculate the maximum number of zk server down in order to guarantee ZK quorum. - For guaranteeing ZK quorum we need half of the server + 1 up. - - div in go template cast return an int64 - so we need to know if it is an even number or an odd. - For this we are doing (n/2)*2=n? - if true it is even else it is even -*/ -}} -{{- define "zk.maxUnavailable" -}} -{{- $halfReplica := div .Values.replicaCount 2 -}} - {{/* divide by 2 and multiply by 2 in order to know if it is an even number*/}} - {{if eq (mul $halfReplica 2) (int .Values.replicaCount) }} - {{- toYaml (sub $halfReplica 1) -}} - {{else}} - {{- toYaml $halfReplica -}} - {{end}} -{{- end -}} 
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkservers.tpl b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkservers.tpl
deleted file mode 100644
index 8b88d7bb36..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkservers.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/*
-Create a server list string based on fullname, namespace, # of zookeeperServers
-in a format like "zkhost1:port:port;zkhost2:port:port"
-*/}}
-{{- define "zookeeper.serverlist" -}}
-{{- $namespace := include "common.namespace" . }}
-{{- $fullname := include "common.fullname" . -}}
-{{- $name := include "common.name" . -}}
-{{- $serverPort := .Values.service.serverPort -}}
-{{- $leaderElectionPort := .Values.service.leaderElectionPort -}}
-{{- $zk := dict "zookeeperServers" (list) -}}
-{{- range $idx, $v := until (int .Values.zookeeperServers) }}
-{{- $noop := printf "%s-%d.%s.%s.svc.cluster.local:%d:%d" $fullname $idx $name $namespace (int $serverPort) (int $leaderElectionPort) | append $zk.zookeeperServers | set $zk "zookeeperServers" -}}
-{{- end }}
-{{- printf "%s" (join ";" $zk.zookeeperServers) | quote -}}
-{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml
deleted file mode 100644
index 7a26053d11..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml
deleted file mode 100644
index db81b890ef..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.fullname" . }}-pdb
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- maxUnavailable: {{ include "zk.maxUnavailable" . }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml
deleted file mode 100644
index c386163735..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $global := . -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (int $global.Values.replicaCount) }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ $global.Values.service.name }}
- chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $global }}
- heritage: {{ $global.Release.Service }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml
deleted file mode 100644
index 033d8d5441..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml
deleted file mode 100644
index 6bd13f0594..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.clientPort }}
- name: {{ .Values.service.clientPortName }}
- - port: {{ .Values.service.serverPort }}
- name: {{ .Values.service.serverPortName }}
- - port: {{ .Values.service.leaderElectionPort }}
- name: {{ .Values.service.leaderElectionPortName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
deleted file mode 100644
index cac75b1565..0000000000
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
+++ /dev/null
@@ -1,230 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: {{ .Values.maxUnavailable }} - podManagementPolicy: Parallel - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - {{- if .Values.prometheus.jmx.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} - {{- end }} - spec: - {{- if .Values.nodeAffinity }} - nodeAffinity: - {{ toYaml .Values.nodeAffinity | indent 10 }} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - name: {{ include "common.name" . }}-permission-fixer - command: - - sh - - -exec - - > - chown -R 1000:0 /tmp/zookeeper/apikeys; - image: {{ include "repositoryGenerator.image.busybox" . 
}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /tmp/zookeeper/apikeys - name: zookeeper-data - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" - env: - - name: ZK_ADMIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} - - name: ZK_PSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /etc/zookeeper/secrets/jaas - name: jaas-config - - mountPath: /config-input - name: jaas - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - containers: - {{- if .Values.prometheus.jmx.enabled }} - - name: prometheus-jmx-exporter - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - java - - -XX:+UnlockExperimentalVMOptions - - -XX:+UseCGroupMemoryLimitForHeap - - -XX:MaxRAMFraction=1 - - -XshowSettings:vm - - -jar - - jmx_prometheus_httpserver.jar - - {{ .Values.prometheus.jmx.port | quote }} - - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml - ports: - - containerPort: {{ .Values.prometheus.jmx.port }} - resources: -{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} - volumeMounts: - - name: jmx-config - mountPath: /etc/jmx-zookeeper - {{- end }} - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: -{{ include "common.resources" . 
| indent 12 }} - ports: - - containerPort: {{ .Values.service.clientPort }} - name: {{ .Values.service.clientPortName }} - - containerPort: {{ .Values.service.serverPort }} - name: {{ .Values.service.serverPortName }} - - containerPort: {{ .Values.service.leaderElectionPort }} - name: {{ .Values.service.leaderElectionPortName }} - {{- if .Values.prometheus.jmx.enabled }} - - containerPort: {{ .Values.jmx.port }} - name: jmx - {{- end }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok'] - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end }} - readinessProbe: - exec: - command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok'] - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - resources: -{{ include "common.resources" . 
| indent 10 }} - env: - - name : KAFKA_HEAP_OPTS - value: "{{ .Values.zkConfig.heapOptions }}" - {{- if .Values.jmx.port }} - - name : KAFKA_JMX_PORT - value: "{{ .Values.jmx.port }}" - {{- end }} - - name : ZOOKEEPER_REPLICAS - value: "{{ .Values.replicaCount }}" - - name : ZOOKEEPER_TICK_TIME - value: "{{ .Values.zkConfig.tickTime }}" - - name : ZOOKEEPER_SYNC_LIMIT - value: "{{ .Values.zkConfig.syncLimit }}" - - name : ZOOKEEPER_INIT_LIMIT - value: "{{ .Values.zkConfig.initLimit }}" - - name : ZOOKEEPER_MAX_CLIENT_CNXNS - value: "{{ .Values.zkConfig.maxClientCnxns }}" - - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT - value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}" - - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL - value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}" - - name: ZOOKEEPER_CLIENT_PORT - value: "{{ .Values.zkConfig.clientPort }}" - - name: KAFKA_OPTS - value: "{{ .Values.zkConfig.kafkaOpts }}" - - name: ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS - value: "true" - - name: ZOOKEEPER_SERVERS - value: {{ template "zookeeper.serverlist" . }} - - name: ZOOKEEPER_SERVER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - "bash" - - "-c" - - | - ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \ - /etc/confluent/docker/run - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/lib/zookeeper/data - name: zookeeper-data - - name: jaas-config - mountPath: /etc/zookeeper/secrets/jaas - {{- if .Values.tolerations }} - tolerations: - {{ toYaml .Values.tolerations | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: jaas-config - emptyDir: - medium: Memory - - name: docker-socket - hostPath: - path: /var/run/docker.sock - - name: jaas - configMap: - name: {{ include "common.fullname" . 
}}-jaas-configmap - {{- if .Values.prometheus.jmx.enabled }} - - name: jmx-config - configMap: - name: {{ include "common.fullname" . }}-prometheus-configmap - {{- end }} -{{ if not .Values.persistence.enabled }} - - name: zookeeper-data - emptyDir: {} -{{ else }} - volumeClaimTemplates: - - metadata: - name: zookeeper-data - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{ end }} diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml deleted file mode 100644 index 79ced4dde2..0000000000 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/dmaap/zookeeper:6.1.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - - -# default number of instances -replicaCount: 1 - -zookeeperServers: 1 - -nodeSelector: {} - -nodeAffinity: {} - -affinity: {} - -tolerations: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 10 - -#Zookeeper properties -zkConfig: - tickTime: 2000 - syncLimit: 5 - initLimit: 20 - maxClientCnxns: 200 - autoPurgeSnapRetainCount: 3 - autoPurgePurgeInterval: 24 - heapOptions: -Xmx2G -Xms2G - kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf 
-Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl -Dzookeeper.4lw.commands.whitelist=* - clientPort: 2181 - -jmx: - port: 5555 - -prometheus: - jmx: - enabled: false - image: solsson/kafka-prometheus-jmx-exporter@sha256 - imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - port: 5556 - -jaas: - config: - zkAdminUser: kafka - zkAdminPassword: kafka_secret - #zkAdminPasswordExternal= some password - -secrets: - - uid: zk-admin - type: basicAuth - externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}' - login: '{{ .Values.jaas.config.zkAdminUser }}' - password: '{{ .Values.jaas.config.zkAdminPassword }}' - passwordPolicy: required - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: message-router/data-zookeeper - - -rollingUpdate: - maxUnavailable: 1 -service: - type: ClusterIP - name: message-router-zookeeper - portName: message-router-zookeeper - clientPortName: tcp-client - clientPort: 2181 - serverPortName: tcp-server - serverPort: 2888 - leaderElectionPortName: tcp-leader - leaderElectionPort: 3888 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - large: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 1000m - memory: 2Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: message-router-zookeeper - roles: - - read diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 4256b3b723..d2ee8356d7 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -3,6 +3,7 @@ # org.onap.dmaap # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021-2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -20,41 +21,16 @@ # ############################################################################### ############################################################################### -## -## Cambria API Server config -## -## Default values are shown as commented settings. -## -############################################################################### -## -## HTTP service -## -## 3904 is standard as of 7/29/14. -# -## Zookeeper Connection -## -## Both Cambria and Kafka make use of Zookeeper. -## -#config.zk.servers=172.18.1.1 -#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} */}} -config.zk.servers={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }} -#config.zk.root=/fe3c/cambria/config - - -############################################################################### ## ## Kafka Connection ## ## Items below are passed through to Kafka's producer and consumer ## configurations (after removing "kafka.") ## if you want to change request.required.acks it can take this one value -#kafka.metadata.broker.list=localhost:9092,localhost:9093 -#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} -kafka.metadata.broker.list={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }} - -##kafka.request.required.acks=-1 -#kafka.client.zookeeper=${config.zk.servers} +kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }} +config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} +#kafka.request.required.acks=-1 consumer.timeout.ms=100 zookeeper.connection.timeout.ms=6000 zookeeper.session.timeout.ms=20000 
@@ -143,7 +119,7 @@ cambria.consumer.cache.touchFreqMs=120000 cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache consumer.timeout=17 default.partitions=3 -default.replicas={{ index .Values "message-router-kafka" "replicaCount" }} +default.replicas=3 ############################################################################## #100mb maxcontentlength=10000 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index ad2ce2b92a..949a893197 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -1,6 +1,7 @@ - + ${module.ajsc.namespace.name} @@ -41,7 +42,7 @@ - class="ch.qos.logback.core.ConsoleAppender"> + ERROR ACCEPT @@ -54,105 +55,105 @@ - - + + - - + + - - - + + + - + - + - + - + - + - - + + - - + + - - + + - - + + - - + + - + - - + + - - - - + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - - - + + + + + + + + + + - - + + @@ -176,10 +177,10 @@ - + - + @@ -187,13 +188,13 @@ 0 - + - + diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/mykey b/kubernetes/dmaap/components/message-router/resources/config/dmaap/mykey deleted file mode 100755 index c2b8b8779b..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/mykey +++ /dev/null 
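Review bot: `default.replicas=3` hard-codes the default topic replication factor, where the removed line derived it from the Kafka replica count. The Strimzi cluster's size is defined outside this file, so a deployment with fewer than three brokers would presumably fail to create topics with this default. Consider templating it from a chart value that tracks the broker count, e.g. `default.replicas={{ .Values.global.<brokerCountKey> }}` (placeholder key name), or at least add a comment such as `# must not exceed the number of Strimzi Kafka brokers`.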
@@ -1,27 +0,0 @@ -_sNOLphPzrU7L0L3oWv0pYwgV_ddGF1XoBsQEIAp34jfP-fGJFPfFYaMpDEZ3gwH59rNw6qyMZHk -k-4irklvVcWk36lC3twNvc0DueRCVrws1bkuhOLCXdxHJx-YG-1xM8EJfRmzh79WPlPkbAdyPmFF -Ah44V0GjAnInPOFZA6MHP9rNx9B9qECHRfmvzU13vJCcgTsrmOr-CEiWfRsnzPjsICxpq9OaVT_D -zn6rNaroGm1OiZNCrCgvRkCUHPOOCw3j9G1GeaImoZNYtozbz9u4sj13PU-MxIIAa64b1bMMMjpz -Upc8lVPI4FnJKg6axMmEGn5zJ6JUq9mtOVyPj__2GEuDgpx5H4AwodXXVjFsVgR8UJwI_BvS2JVp -JoQk0J1RqXmAXVamlsMAfzmmbARXgmrBfnuhveZnh9ymFVU-YZeujdANniXAwBGI7c6hG_BXkH7i -Eyf4Fn41_SV78PskP6qgqJahr9r3bqdjNbKBztIKCOEVrE_w3IM5r02l-iStk_NBRkj6cq_7VCpG -afxZ2CtZMwuZMiypO_wOgbdpCSKNzsL-NH2b4b08OlKiWb263gz634KJmV5WEfCl-6eH-JUFbWOS -JwQfActLNT2ZQPl2MyZQNBzJEWoJRgS6k7tPRO-zqeUtYYHGHVMCxMuMHGQcoilNNHEFeBCG_fBh -yAKb9g9F86Cbx9voMLiyTX2T3rwVHiSJFOzfNxGmfN5JWOthIun_c5hEY1tLQ15BomzkDwk7BAj7 -VbRCrVD45B6xrmSTMBSWYmLyr6mnQxQqeh9cMbD-0ZAncE3roxRnRvPKjFFa208ykYUp2V83r_PJ -fV5I9ZPKSjk9DwFyrjkcQQEYDhdK6IFqcd6nEthjYVkmunu2fsX0bIOm9GGdIbKGqBnpdgBO5hyT -rBr9HSlZrHcGdti1R823ckDF0Ekcl6kioDr5NLIpLtg9zUEDRm3QrbX2mv5Zs8W0pYnOqglxy3lz -bJZTN7oR7VasHUtjmp0RT9nLZkUs5TZ6MHhlIq3ZsQ6w_Q9Rv1-ofxfwfCC4EBrWKbWAGCf6By4K -Ew8321-2YnodhmsK5BrT4zQ1DZlmUvK8BmYjZe7wTljKjgYcsLTBfX4eMhJ7MIW1kpnl8AbiBfXh -QzN56Mki51Q8PSQWHm0W9tnQ0z6wKdck6zBJ8JyNzewZahFKueDTn-9DOqIDfr3YHvQLLzeXyJ8e -h4AgjW-hvlLzRGtkCknjLIgXVa3rMTycseAwbW-mgdCqqkw3SdEG8feAcyntmvE8j2jbtSDStQMB -9JdvyNLuQdNG4pxpusgvVso0-8NQF0YVa9VFwg9U6IPSx5p8FcW68OAHt_fEgT4ZtiH7o9aur4o9 -oYqUh2lALCY-__9QLq1KkNjMKs33Jz9E8LbRerG9PLclkTrxCjYAeUWBjCwSI7OB7xkuaYDSjkjj -a46NLpdBN1GNcsFFcZ79GFAK0_DsyxGLX8Tq6q0Bvhs8whD8wlSxpTGxYkyqNX-vcb7SDN_0WkCE -XSdZWkqTHXcYbOvoCOb_e6SFAztuMenuHWY0utX0gBfx_X5lPDFyoYXErxFQHiA7t27keshXNa6R -ukQRRS8kMjre1U74sc-fRNXkXpl57rG4rgxaEX0eBeowa53KAsVvUAoSac2aC_nfzXrDvoyf9Xi3 -JpEZNhUDLpFCEycV4I7jGQ9wo9qNaosvlsr6kbLDNdb_1xrGVgjT3xEvRNJNPqslSAu-yD-UFhC3 -AmCdYUnugw_eEFqXCHTARcRkdPPvl2XsmEKY2IqEeO5tz4DyXQFaL-5hEVh6lYEU1EOWHk3UGIXe -Vc5_Ttp82qNLmlJPbZvgmNTJzYTHDQ_27KBcp7IVVZgPDjVKdWqQvZ18KhxvfF3Idgy82LBZniFV 
-IbtxllXiPRxoPQriSXMnXjh3XkvSDI2pFxXfEvLRn1tvcFOwPNCz3QfPIzYg8uYXN5bRt3ZOrR_g -ZhIlrc7HO0VbNbeqEVPKMZ-cjkqGj4VAuDKoQc0eQ6X_wCoAGO78nPpLeIvZPx1X3z5YoqNA \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index 75a5e22d40..c999b79183 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -55,32 +56,6 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-mrclusters - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-topics - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-sys-props namespace: {{ include "common.namespace" . }} 
diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index 9456c15994..50dda8a8f9 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,3 +29,5 @@ metadata: data: {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} type: Opaque +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index f0832add80..e9d890e432 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
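Review bot: The context lines above the added `---` in secrets.yaml still build a Secret from `(.Files.Glob "resources/config/dmaap/mykey").AsSecrets`, but this commit deletes `resources/config/dmaap/mykey` and drops the `mykey` volume and mount from the statefulset, so that Secret would now render with empty `data` and nothing visible here consumes it. I would remove the leftover Secret document in the same change rather than append to it. Separately, the deleted key file stays readable in repository history; if any deployment still relies on that key material it should be treated as public and replaced. The start of the remaining Secret document is outside this hunk.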
@@ -26,22 +27,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.kafka.name }} - - --container-name - - {{ .Values.zookeeper.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config 
@@ -82,6 +67,45 @@ spec: - name: jmx-config mountPath: /etc/jmx-kafka {{- end }} + - name: srimzi-zk-entrance + image: 'docker.io/scholzj/zoo-entrance:latest' + command: + - /opt/stunnel/stunnel_run.sh + ports: + - containerPort: {{ .Values.global.zkTunnelService.internalPort }} + name: zoo + protocol: TCP + env: + - name: LOG_LEVEL + value: debug + - name: STRIMZI_ZOOKEEPER_CONNECT + value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}' + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.global.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.global.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /etc/cluster-operator-certs/ + name: cluster-operator-certs + - mountPath: /etc/cluster-ca-certs/ + name: cluster-ca-certs - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -123,6 +147,10 @@ spec: successThreshold: {{ .Values.startup.successThreshold }} failureThreshold: {{ .Values.startup.failureThreshold }} env: + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }} + - name: SASLMECH + value: {{ .Values.global.saslMechanism }} - name: enableCadi value: "{{ .Values.global.aafEnabled }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} 
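Review bot: The new `srimzi-zk-entrance` sidecar pulls `docker.io/scholzj/zoo-entrance:latest` with `imagePullPolicy: Always`, so every pod restart can run whatever was last pushed under that tag, in a container that is handed the Strimzi certificate volumes. The other containers visible in this template resolve their image through the `repositoryGenerator` helpers; I would do the same and pin a digest, e.g. `image: {{ include "repositoryGenerator.dockerHubRepository" . }}/scholzj/zoo-entrance@sha256:<pinned-digest>` (placeholder digest), with `imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}`. `LOG_LEVEL` is also fixed at `debug`; a values key defaulting to a quieter level would suit a TLS tunnel better. The container name looks like a typo for `strimzi-zk-entrance`.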
@@ -135,9 +163,6 @@ spec: - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml subPath: logback.xml name: logback - - mountPath: /appl/dmaapMR1/etc/keyfile - subPath: mykey - name: mykey {{- if .Values.global.aafEnabled }} - mountPath: /appl/dmaapMR1/etc/runner-web.xml subPath: runner-web.xml @@ -168,13 +193,38 @@ spec: configMap: name: {{ include "common.fullname" . }}-prometheus-configmap {{- end }} - - name: mykey - secret: - secretName: {{ include "common.fullname" . }}-secret - name: sys-props configMap: name: {{ include "common.fullname" . }}-sys-props - name: jetty emptyDir: {} + - name: cluster-operator-certs + secret: + defaultMode: 288 + secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs + - name: cluster-ca-certs + secret: + defaultMode: 288 + secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "common.fullname" . }}-zk-network-policy + namespace: {{ include "common.namespace" . }} +spec: + podSelector: + matchLabels: + strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "common.name" . }} + ports: + - port: {{ .Values.global.zkTunnelService.internalPort }} + protocol: TCP + policyTypes: + - Ingress \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 34b7a8822a..372665243e 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml 
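Review bot: The `cluster-operator-certs` volume brings `{{ include "common.release" . }}-strimzi-cluster-operator-certs` into the message-router pod, which as far as I know holds the Strimzi cluster operator's own client certificate and key, so anyone who can read that volume or exec into the pod can reach ZooKeeper with the operator's identity. That deserves a comment above the volume explaining why it is needed and whether it is meant as an interim measure, for example `# operator client cert, used only by the ZooKeeper tunnel sidecar`. `defaultMode: 288` is decimal for octal 0440; a trailing `# 0440` would save the next reader the conversion. The NetworkPolicy's `from` selector relies on `app.kubernetes.io/name`, and whether message-router pods carry that label depends on `common.templateMetadata`, which is not shown here. The file also now ends without a trailing newline.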
@@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,14 @@ ################################################################# global: nodePortPrefix: 302 - + kafkaBootstrap: strimzi-kafka-bootstrap + saslMechanism: scram-sha-512 + kafkaInternalPort: 9092 + zkTunnelService: + type: ClusterIP + name: zk-tunnel-svc + portName: tcp-zk-tunnel + internalPort: 2181 ################################################################# # AAF part @@ -63,18 +71,21 @@ certInitializer: image: onap/dmaap/dmaap-mr:1.3.2 pullPolicy: Always -kafka: - name: message-router-kafka - port: 9092 -zookeeper: - name: message-router-zookeeper - port: 2181 +secrets: + - uid: mr-kafka-admin-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate # flag to enable debugging - application support required debugEnabled: false # application configuration -config: {} +config: + someConfig: blah # default number of instances replicaCount: 1 diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index b7f0735c8d..d34efae312 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs,Bell Canada +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
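Review bot: In the new `secrets` entry of message-router's values.yaml, `sasl.jaas.config` takes its value from `'{{ .Values.config.someConfig }}'`, and `config.someConfig` defaults to the placeholder `blah`, so a deployment that does not set `config.jaasConfExternalSecret` appears to get a Secret with a meaningless JAAS config (or a generated one, given `policy: generate`) instead of a clear failure. For a credential I would drop the placeholder default and make the value mandatory, e.g. `policy: required` if the common secret template accepts it for `envs`, and name the key for what it holds (`config.jaasConf` rather than `someConfig`). A comment above `secrets:` stating that the chart expects the Strimzi-created user secret through `jaasConfExternalSecret` would also help.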
@@ -45,15 +46,25 @@ global: aafAppNs: org.osaaf.aaf aafLocatorContainer: oom + #Strimzi config + kafkaBootstrap: strimzi-kafka-bootstrap + kafkaStrimziAdminUser: strimzi-kafka-admin + kafkaInternalPort: 9092 + saslMechanism: scram-sha-512 + #Component overrides message-router: enabled: true + config: + jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}' dmaap-bc: enabled: true dmaap-dr-node: enabled: true dmaap-dr-prov: enabled: true +dmaap-strimzi: + enabled: true #Pods Service Account serviceAccount: -- 2.16.6
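Review bot: `jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'` wires message-router to the `strimzi-kafka-admin` user's secret, so the application authenticates to Kafka with what its name suggests is the cluster admin credential. If so, a compromise of the message-router pod exposes admin rights over every topic; a dedicated Strimzi `KafkaUser` with ACLs limited to what message-router needs would contain that. At minimum a comment next to the key, such as `# TODO: replace admin user with a dedicated message-router KafkaUser`, would record the intent. The new `#Strimzi config` keys also repeat defaults added to message-router's own `global` block, so the two files can drift.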