[CDS-SDC-DIST] Upgrade cds to kafka native
Upgrading cds to use Kafka Native
Adding a CDS Kafka User for topic Auth
Signed-off-by: david.mcweeney <david.mcweeney@est.tech>
Change-Id: If2116a7bf0618c0c2bc42473dccb248cd11ebf92
Issue-ID: DMAAP-1815
diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
index 3710f5f..6024309 100644
--- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
@@ -1,19 +1,18 @@
listenerservice:
config:
- asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
+ sdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
relevantArtifactTypes: TOSCA_CSAR
- consumerGroup: cds
+ consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
environmentName: AUTO
- consumerId: cds
keyStorePassword:
keyStorePath:
activateServerTLSAuth : false
- isUseHttpsWithDmaap: false
isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
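Review bot: The SDC password on the `password:` line is still a literal in this template, while the same commit moves the Kafka credential into a Secret, so the two credentials are handled inconsistently. If this file is rendered into a ConfigMap (not visible here), the value is readable by anyone allowed to read ConfigMaps in the namespace, and it stays in the chart's history either way. Consider declaring it under `secrets:` in values.yaml, supplying it from that Secret as is done for `SASL_JAAS_CONFIG`, and rotating the value that is already committed. Separately, the new `consumerGroup` and `consumerId` lines emit unquoted template output; `consumerGroup: "{{ .Values.config.kafka.sdcTopic.consumerGroup }}"` keeps an empty or boolean-looking override from being retyped by the YAML parser.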
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
new file mode 100644
index 0000000..58d99dd
--- /dev/null
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
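Review bot: Both ACL entries grant `operation: All`, and on the topic entry that applies to every topic matching the `SDC-DIST` prefix, so the listener's Kafka user may also delete topics and alter their configuration, which is more than a distribution consumer needs. `operation: Read` on the group entry and `operation: Read` on the topic entry cover consuming (Read implies Describe in Kafka's ACL model). If the listener also publishes distribution status (not visible in this diff), add a separate entry with `operation: Write` scoped to that topic rather than keeping `All` on the whole prefix. A short comment above `acls:` stating which operations the listener performs would make later widening a deliberate decision.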
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
index 3a6d761..d01e3b0 100644
--- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,8 +43,6 @@
- --container-name
- sdc-be
- --container-name
- - message-router
- - --container-name
- cds-blueprints-processor
env:
- name: NAMESPACE
@@ -61,6 +60,12 @@
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
name: {{ .Values.service.http.portName }}
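Review bot: On the `SASL_JAAS_CONFIG` entry the helper output is placed after `value:`, which looks wrong if `common.secret.envFromSecretFast` emits a `valueFrom:`/`secretKeyRef:` block, as its name and the `indent` pipe suggest; the helper's definition is outside this diff. In that case the rendered line becomes `value: valueFrom:` and the manifest either fails to parse or no longer references the Secret. The likely intended shape drops `value:` and puts `{{- include "common.secret.envFromSecretFast" (dict ...) | indent N }}` on its own line under `- name: SASL_JAAS_CONFIG`, with N matching the column of the `name` key. Rendering the chart with `helm template` and inspecting this env entry would confirm which form is valid. The env list starts and the container spec continues outside the hunk.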
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 9ceeec8..3d13802 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,20 +26,40 @@
persistence:
mountPath: /dockerdata-nfs
+ cdsSdcListenerKafkaUser: cds-sdc-list-user
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.4.1
+image: onap/ccsdk-sdclistener:1.5.0
name: sdc-listener
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+secrets:
+ - uid: cds-sdc-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+
# application configuration
config:
appConfigDir: /opt/app/onap/config
+ someConfig: blah
+ kafka:
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: cds
+ clientId: cds-sdc-listener
# default number of instances
replicaCount: 1
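Review bot: `someConfig: blah` is a placeholder that feeds the `sasl.jaas.config` entry of `cds-sdc-kafka-secret`. When `config.jaasConfExternalSecret` is not supplied, the chart appears to create a Secret whose JAAS config is the string `blah`, so the listener would start with unusable Kafka credentials instead of failing at render time. Either drop the `value`/`someConfig` pair, or rename it and document it as a fallback, e.g. `# used only when config.jaasConfExternalSecret is unset; normal deployments read the operator-generated secret`. The default `securityProtocol: SASL_PLAINTEXT` also deserves a comment: SCRAM authenticates the client, but the distribution traffic itself is unencrypted unless the value is overridden to `SASL_SSL`.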
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 58e6b65..4c06d30 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -24,6 +24,7 @@
persistence:
mountPath: /dockerdata-nfs
cdsKafkaUser: cds-kafka-user
+ cdsSdcListenerKafkaUser: cds-sdc-list-user
#################################################################
# Secrets metaconfig
@@ -224,6 +225,8 @@
cds-sdc-listener:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}'
cds-ui:
enabled: true
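Review bot: Nothing on the `jaasConfExternalSecret` line records that it must resolve to the same name as `metadata.name` in `templates/cds-sdc-list-kafka-user.yaml`. Both are built from `common.release` and `global.cdsSdcListenerKafkaUser`, and the deployment reads key `sasl.jaas.config` from that Secret, presumably the one the Strimzi operator creates for the KafkaUser. A comment above the line would make the coupling explicit, for example `# must equal the KafkaUser name; the operator-generated Secret of that name supplies sasl.jaas.config`. Without it, a later rename on one side would leave the pod referencing a Secret that does not exist.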