diff --git a/charts/dependencies/values.yaml b/charts/dependencies/values.yaml index b4c2a9981851953b5d6d4c921fc993df774ee3cc..a378022a42aad8dcaf9cbf440fe60894049b94b3 100644 --- a/charts/dependencies/values.yaml +++ b/charts/dependencies/values.yaml @@ -6,8 +6,8 @@ crossplane: - code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/configuration:v0.3.5 gitea: - # storageClassName: standard - storageClassName: csi-cinder-high-speed + storageClassName: standard + # storageClassName: csi-cinder-high-speed volumeSize: 100G service: http: diff --git a/charts/resources/templates/events/decommission/source.yaml b/charts/resources/templates/events/decommission/source.yaml index d3b34ea7fbefdc444f20e4a227e9b904e875a090..d005e94709f32aa325440df80d1e007d8640a2dd 100644 --- a/charts/resources/templates/events/decommission/source.yaml +++ b/charts/resources/templates/events/decommission/source.yaml @@ -11,6 +11,16 @@ spec: topic: to-decommission jsonBody: false partition: "0" + {{- if .Values.kafkaAuth.enable }} + sasl: + mechanism: {{ .Values.kafkaAuth.mechanism }} + userSecret: + name: {{ .Values.kafkaAuth.secretName }} + key: username + passwordSecret: + name: {{ .Values.kafkaAuth.secretName }} + key: password + {{- end }} connectionBackoff: duration: 10s steps: 3 diff --git a/charts/resources/templates/events/decommission/status-sensor.yaml b/charts/resources/templates/events/decommission/status-sensor.yaml index d999f5144d3a03a0cde5437690626fbe5a8dd3c7..fbd61f637ac36afad9760fa17080e3825b258790 100644 --- a/charts/resources/templates/events/decommission/status-sensor.yaml +++ b/charts/resources/templates/events/decommission/status-sensor.yaml 
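Review bot: The new `sasl:` block in decommission/source.yaml is added with no `tls:` setting in the visible lines, and the same block is repeated in decommission/status-sensor.yaml, provision/gitops-status-sensor.yaml and provision/source.yaml. With `mechanism: PLAIN` as the default in charts/resources/values.yaml, the username and password from `kafka-secret` cross the network unencrypted unless the broker connection is wrapped in TLS; the kafkacat call in provision/status-sensor.yaml uses `security.protocol=SASL_PLAINTEXT`, which suggests it is not. I would add a `tls:` block next to `sasl:` (gated on its own value) or default to a SCRAM mechanism, and quote the rendered scalars, e.g. `mechanism: {{ .Values.kafkaAuth.mechanism | quote }}` and `name: {{ .Values.kafkaAuth.secretName | quote }}`. Each `spec` continues outside its hunk, so a TLS setting elsewhere in these files cannot be ruled out from here.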
@@ -15,6 +15,16 @@ spec:
 kafka:
 url: {{ .Values.kafkaEndpoint }}
 topic: decommissioned
+ {{- if .Values.kafkaAuth.enable }}
+ sasl:
+ mechanism: {{ .Values.kafkaAuth.mechanism }}
+ userSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: username
+ passwordSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: password
+ {{- end }}
 payload:
 - src:
 dependencyName: message
diff --git a/charts/resources/templates/events/provision/gitops-status-sensor.yaml b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
index 919462c7c67d802d5a2cf303d1ddbbd27d876371..4dfb54db706c5ca95a900901b619aab3e9fa1ce5 100644
--- a/charts/resources/templates/events/provision/gitops-status-sensor.yaml
+++ b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
@@ -16,6 +16,16 @@ spec:
 url: {{ .Values.kafkaEndpoint }}
 topic: provisioned
 partition: 0
+ {{- if .Values.kafkaAuth.enable }}
+ sasl:
+ mechanism: {{ .Values.kafkaAuth.mechanism }}
+ userSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: username
+ passwordSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: password
+ {{- end }}
 payload:
 - src:
 dependencyName: gitops-status
diff --git a/charts/resources/templates/events/provision/source.yaml b/charts/resources/templates/events/provision/source.yaml
index a389c324eb4a1b4d68b503d7eb774ad8ac56879f..fd56ff4c6078aa76e122b32317493a017118e96c 100644
--- a/charts/resources/templates/events/provision/source.yaml
+++ b/charts/resources/templates/events/provision/source.yaml
@@ -11,6 +11,16 @@ spec:
 topic: to-provision
 jsonBody: false
 partition: "0"
+ {{- if .Values.kafkaAuth.enable }}
+ sasl:
+ mechanism: {{ .Values.kafkaAuth.mechanism }}
+ userSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: username
+ passwordSecret:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: password
+ {{- end }}
 connectionBackoff:
 duration: 10s
 steps: 3
diff --git a/charts/resources/templates/events/provision/status-sensor.yaml b/charts/resources/templates/events/provision/status-sensor.yaml
index 47935b53527c140cfc5733d73ca30b19c3fc90b1..349feb598229ea3d4405c999596ca8964c04cd81 100644
--- a/charts/resources/templates/events/provision/status-sensor.yaml
+++ b/charts/resources/templates/events/provision/status-sensor.yaml
@@ -164,10 +164,31 @@ spec:
 parameters:
 - name: payload
 script:
+ {{- if .Values.kafkaAuth.enable }}
+ env:
+ - name: MECHANISM
+ value: {{ .Values.kafkaAuth.mechanism }}
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: username
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.kafkaAuth.secretName }}
+ key: password
+ {{- end }}
 image: confluentinc/cp-kafkacat:7.1.14
 command: [sh]
+ {{- if .Values.kafkaAuth.enable }}
+ source: |
+ echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -X security.protocol=SASL_PLAINTEXT -X sasl.username="$USERNAME" -X sasl.password="$PASSWORD" -X sasl.mechanism="$MECHANISM" -t provisioned -J
+ {{- else }}
 source: |
 echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -t provisioned -J
+ {{- end }}
+
 parameters:
 - src:
 dependencyName: message
diff --git a/charts/resources/values.yaml b/charts/resources/values.yaml
index 56d85d04e01329e733f7596242c28712da953c21..5941d462ee643e22a414afa4c55611eab50caf86 100644
--- a/charts/resources/values.yaml
+++ b/charts/resources/values.yaml
@@ -3,4 +3,8 @@ applicationStatusViewerSA: claim-application-status
 cliEnabled: true
 dependenciesReleaseName: provisioner-dependencies
 # kafkaEndpoint: kafka:9092
-kafkaEndpoint: kafka.infrastructure.dev.simpl-europe.eu:9092
\ No newline at end of file
+kafkaEndpoint: kafka.infrastructure.dev.simpl-europe.eu:9092
+kafkaAuth:
+ enable: true
+ mechanism: PLAIN
+ secretName: kafka-secret
\ No newline at end of file
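Review bot: In the new SASL `source: |` branch of provision/status-sensor.yaml the workflow parameter is still pasted into the shell text (`echo {{inputs.parameters.payload}} | kafkacat …`), and this container now also holds `USERNAME` and `PASSWORD` from the Kafka secret, so a payload containing shell metacharacters would be interpreted by `sh` right next to those credentials. Pass the payload as data instead: an env entry outside the `kafkaAuth` conditional, `- name: PAYLOAD` with `value: "{{inputs.parameters.payload}}"` (escaped for Helm the way the existing `source` line is), and `printf '%s\n' "$PAYLOAD" | kafkacat …` in both branches. The same branch hard-codes `security.protocol=SASL_PLAINTEXT` and puts the password on the kafkacat command line; a values-driven protocol (so `SASL_SSL` can be selected) and a config file read with `-F` would keep the credential off the wire in clear text and out of the process arguments. The `else` branch carries the same unquoted `echo`, which this commit leaves unchanged.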
diff --git a/k8s/netdebug.yaml b/k8s/netdebug.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d26eebb6e94d823f529e285527da387340af63c8
--- /dev/null
+++ b/k8s/netdebug.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: kafkacat
+ namespace: infrastructure
+spec:
+ containers:
+ - name: kafkacat
+ image: confluentinc/cp-kafkacat
+ command:
+ - sleep
+ - "3600"
+ imagePullPolicy: Always
+ restartPolicy: Never
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: nettools
+ namespace: infrastructure
+spec:
+ containers:
+ - name: nettools
+ image: jrecord/nettools:latest
+ command:
+ - sleep
+ - "3600"
+ imagePullPolicy: Always
+ restartPolicy: Never
\ No newline at end of file
diff --git a/local-setup.sh b/local-setup.sh
index e37f643cf64d6e66e3b6ce7613bea49c27191ab3..4400e9b2edd40cc171a59861a0ee74a14cb3f28c 100644
--- a/local-setup.sh
+++ b/local-setup.sh
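Review bot: Both debug pods in k8s/netdebug.yaml pull unpinned third-party images with `imagePullPolicy: Always`: `confluentinc/cp-kafkacat` has no tag and `jrecord/nettools:latest` floats, so whatever is next published under those names runs in the `infrastructure` namespace, which is where local-setup.sh creates the registry, Gitea, Kafka and provider secrets. Pin them, e.g. `image: confluentinc/cp-kafkacat:7.1.14` to match provision/status-sensor.yaml and `image: jrecord/nettools@sha256:<digest>` (placeholder digest, to be filled in after verifying the image). Neither pod sets a `securityContext` or `automountServiceAccountToken: false`; I would add both, plus a header comment such as `# Manual troubleshooting only: delete these pods when finished`.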
@@ -2,15 +2,15 @@ NS=infrastructure kubectl create namespace $NS kubectl create -n $NS secret docker-registry "ec-pull-secret" --docker-server="code.europa.eu:4567" --docker-username="$EC_USERNAME" --docker-password="$EC_PASSWORD" kubectl create -n $NS secret generic gitea-secret --from-literal=username=gitops_test --from-literal=password=test1234 +kubectl create -n $NS secret generic kafka-secret --from-literal=username=demo --from-literal=password=demo-password kubectl create -n $NS secret generic ionos-provider --from-literal=credentials="{\"token\":\"${IONOS_TOKEN}\"}" helm install provisioner-dependencies -n $NS charts/dependencies sleep 60 helm install provisioner-resources -n $NS charts/resources -echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken -kubectl get -n $NS secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d > argopw -# echo "Bearer $(kubectl get -n infrastructure secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken -# kubectl get -n infrastructure secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d > argopw -# kubectl port-forward -n infrastructure svc/argocd-server 8888:443 -# kubectl port-forward -n infrastructure svc/argowf-argo-workflows-server 8777:2746 -# kubectl port-forward -n infrastructure svc/gitea-http 8333:3000 \ No newline at end of file +# Use locally to get access tokens and forward service ports +# echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken +# kubectl get -n $NS secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d > argopw +# kubectl port-forward -n $NS svc/argocd-server 8888:443 +# kubectl port-forward -n $NS svc/argowf-argo-workflows-server 8777:2746 +# kubectl port-forward -n $NS svc/gitea-http 8333:3000 \ No newline at end of file
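Review bot: The added `kafka-secret` line commits a fixed username and password (`demo` / `demo-password`), while the registry and IONOS secrets in the same script are taken from the environment (`$EC_PASSWORD`, `${IONOS_TOKEN}`). charts/resources/values.yaml in this commit points `kafkaEndpoint` at what looks like a shared dev broker, so if these literals are accepted there they are now in version control and should be rotated. Read them from the environment and fail when unset: `--from-literal=username="${KAFKA_USERNAME:?}" --from-literal=password="${KAFKA_PASSWORD:?}"` (the variable names are a suggestion). The commented block writes a bearer token and the Argo CD admin password to `argowftoken` and `argopw` in the working directory; its comment could add `umask 077` before those lines and say the files must not be committed.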