[SO-SDC-DIST] Upgrade sdc-controller to kafka native
Update sdc-controller to use new sdc-dist client
Add sdc-controller KafkaUser for SDC topic auth
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I7969bb79a2b329d1140eacc953b40dd487456bcb
Issue-ID: DMAAP-1815
diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
index 29a1cf7..50cf231 100755
--- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
@@ -74,26 +74,28 @@
asdc-connections:
asdc-controller1:
user: mso
- consumerGroup: SO-OpenSource-Env11
- consumerId: SO-COpenSource-Env11
+ consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
environmentName: AUTO
{{ if (include "common.needTLS" .) }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
+ sdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
{{ else }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
+ sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
{{ end }}
password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
- useHttpsWithDmaap: false
useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
activateServerTLSAuth: false
keyStorePassword:
keyStorePath:
watchDogTimeout: 300
isFitlerInEmptyResources: true
- messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
+ httpsProxyHost:
+ httpProxyHost:
+ httpsProxyPort: 0
+ httpProxyPort: 0
asdc:
config:
activity:
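Review bot: The new `consumerGroup` and `consumerId` lines put the template output into the YAML unquoted, so an empty or boolean/number-looking override would render as `null` or a non-string rather than the intended text. Piping through `quote` keeps the type stable, e.g. `consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup | quote }}`. The same applies to the `SECURITY_PROTOCOL` and `SASL_MECHANISM` `value:` lines added in templates/deployment.yaml, where Kubernetes requires env values to be strings. The bare `httpsProxyHost:` and `httpProxyHost:` keys render as null; if an empty string is meant, `""` says so explicitly.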
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 55493f7..0d1977b 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -71,6 +71,12 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
{{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
diff --git a/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
new file mode 100644
index 0000000..4619c8e
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/templates/so-sdc-dist-kakfa-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
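Review bot: Both ACL entries grant `operation: All`, and the topic entry is a `prefix` match, so this user may also delete and alter (including configuration) every topic whose name starts with the configured pattern, not just read and write them. If the sdc-dist client only consumes notifications and publishes status (not visible from this commit, so confirm), the grant can be narrowed to Read on the group and Read, Describe and Write on the topic prefix. Topic creation would then stay with whichever component owns the SDC topics. The file name also spells `kakfa`; renaming it to `kafka` would make it easier to find.

```yaml
    acls:
      - resource:
          type: group
          name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
        operation: Read
      # one entry per operation on the same prefixed topic resource
      - resource:
          type: topic
          patternType: prefix
          name: {{ .Values.config.kafka.sdcTopic.pattern }}
        operation: Read
      - resource:
          type: topic
          patternType: prefix
          name: {{ .Values.config.kafka.sdcTopic.pattern }}
        operation: Describe
      - resource:
          type: topic
          patternType: prefix
          name: {{ .Values.config.kafka.sdcTopic.pattern }}
        operation: Write
```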
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index f006c07..63a641c 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -28,6 +28,7 @@
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
+ soSdcListenerKafkaUser: so-sdc-list-user
readinessCheck:
wait_for:
@@ -50,6 +51,13 @@
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: so-sdc-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#secretsFilePaths: |
# - 'my file 1'
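Review bot: The `so-sdc-kafka-secret` entry falls back to `value: '{{ .Values.config.someConfig }}'`, and a later hunk in this file sets `someConfig: blah`. When `jaasConfExternalSecret` resolves to an empty string, the chart will presumably create a secret whose `sasl.jaas.config` is the literal `blah`, and the pod then starts with an unusable credential instead of failing at render time. Consider dropping the placeholder default and making the value mandatory, for example `policy: required` if the common secret template accepts that for `envs` entries as it does for `passwordPolicy` above. A descriptive key name in place of `someConfig` would also make clear that the value is a JAAS login configuration.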
@@ -58,7 +66,7 @@
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.11.0
+image: onap/so/sdc-controller:1.12.0
pullPolicy: Always
db:
@@ -81,6 +89,16 @@
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+config:
+ someConfig: blah
+ kafka:
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: so
+ clientId: SO-sdc-controller
replicaCount: 1
minReadySeconds: 10
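Review bot: `securityProtocol: SASL_PLAINTEXT` is the default, so the SCRAM-SHA-512 exchange and all distribution traffic to the broker travel without transport encryption, and the client does not verify the broker's identity. The override.yaml hunk in this commit already switches the SDC address on `common.needTLS`; the Kafka protocol could follow the same toggle if the Strimzi cluster exposes a TLS listener (not visible here). At minimum a comment would help operators, e.g. `# SASL_PLAINTEXT: authenticated but unencrypted; set SASL_SSL when the broker listener uses TLS`.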
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index cc63ca5..32e6e47 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -62,6 +62,8 @@
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
+ soSdcListenerKafkaUser: so-sdc-list-user
+
readinessCheck:
wait_for:
jobs:
@@ -387,6 +389,8 @@
db:
<<: *dbSecrets
logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}'
so-sdnc-adapter:
enabled: true
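Review bot: `jaasConfExternalSecret` is built from the same release prefix and `soSdcListenerKafkaUser` value as the KafkaUser `metadata.name` in so-sdc-dist-kakfa-user.yaml, but nothing here records that the two must stay identical. Strimzi's User Operator writes the generated credentials into a Secret named after the KafkaUser, so a rename on one side leaves the pod pointing at a secret that does not exist. A comment above the key would document the coupling: `# must equal the KafkaUser name; Strimzi stores sasl.jaas.config in a Secret of that name`.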