From bf0b51e4c5fcbaf732ae21fb8d0aa2747c73a141 Mon Sep 17 00:00:00 2001
From: ionutb <corneliu-ionut.beti@ionos.com>
Date: Mon, 16 Dec 2024 11:33:59 +0200
Subject: [PATCH 1/4] kafka sources auth

---
 .../templates/events/decommission/source.yaml          | 10 ++++++++++
 .../resources/templates/events/provision/source.yaml   | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/charts/resources/templates/events/decommission/source.yaml b/charts/resources/templates/events/decommission/source.yaml
index d3b34ea..a99f250 100644
--- a/charts/resources/templates/events/decommission/source.yaml
+++ b/charts/resources/templates/events/decommission/source.yaml
@@ -11,6 +11,16 @@ spec:
       topic: to-decommission
       jsonBody: false
       partition: "0"
+      {{- if .Values.kafkaAuth.enable }}
+      sasl:
+        mechanism: {{ .Values.kafkaAuth.mechanism }}
+        userSecret:
+          name: {{ .Values.kafkaAuth.secretName }}
+          key: user
+        passwordSecret:
+          name: {{ .Values.kafkaAuth.secretName }}
+          key: password
+      {{- end }}
       connectionBackoff:
         duration: 10s
         steps: 3
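Review bot: The `sasl` block added under `{{- if .Values.kafkaAuth.enable }}` has no `tls` setting next to it in this hunk, so with a cleartext mechanism such as PLAIN the username and password would reach the broker unencrypted unless TLS is configured in the part of the spec outside the hunk. The same block is repeated in the provision/source.yaml hunk and in the decommission/status-sensor.yaml and provision/gitops-status-sensor.yaml hunks of patch 2, and the same question applies there. Separately, the templated scalars are unquoted; `mechanism: {{ .Values.kafkaAuth.mechanism | quote }}` and `name: {{ .Values.kafkaAuth.secretName | quote }}` keep an empty or boolean-looking value from being retyped by the YAML parser. The enclosing `spec` starts and ends outside the hunk.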
diff --git a/charts/resources/templates/events/provision/source.yaml b/charts/resources/templates/events/provision/source.yaml
index a389c32..d8a0ab7 100644
--- a/charts/resources/templates/events/provision/source.yaml
+++ b/charts/resources/templates/events/provision/source.yaml
@@ -11,6 +11,16 @@ spec:
       topic: to-provision
       jsonBody: false
       partition: "0"
+      {{- if .Values.kafkaAuth.enable }}
+      sasl:
+        mechanism: {{ .Values.kafkaAuth.mechanism }}
+        userSecret:
+          name: {{ .Values.kafkaAuth.secretName }}
+          key: user
+        passwordSecret:
+          name: {{ .Values.kafkaAuth.secretName }}
+          key: password
+      {{- end }}
       connectionBackoff:
         duration: 10s
         steps: 3
-- 
GitLab


From 798df04736698a6925f084e12abca3850142ee97 Mon Sep 17 00:00:00 2001
From: ionutb <corneliu-ionut.beti@ionos.com>
Date: Mon, 16 Dec 2024 12:22:14 +0200
Subject: [PATCH 2/4] sensors auth

---
 .../events/decommission/status-sensor.yaml    | 10 +++++++++
 .../provision/gitops-status-sensor.yaml       | 10 +++++++++
 .../events/provision/status-sensor.yaml       | 21 +++++++++++++++++++
 3 files changed, 41 insertions(+)

diff --git a/charts/resources/templates/events/decommission/status-sensor.yaml b/charts/resources/templates/events/decommission/status-sensor.yaml
index d999f51..d849fdb 100644
--- a/charts/resources/templates/events/decommission/status-sensor.yaml
+++ b/charts/resources/templates/events/decommission/status-sensor.yaml
@@ -15,6 +15,16 @@ spec:
         kafka:
           url: {{ .Values.kafkaEndpoint }}
           topic: decommissioned
+          {{- if .Values.kafkaAuth.enable }}
+          sasl:
+            mechanism: {{ .Values.kafkaAuth.mechanism }}
+            userSecret:
+              name: {{ .Values.kafkaAuth.secretName }}
+              key: user
+            passwordSecret:
+              name: {{ .Values.kafkaAuth.secretName }}
+              key: password
+          {{- end }}
           payload:
             - src:
                 dependencyName: message
diff --git a/charts/resources/templates/events/provision/gitops-status-sensor.yaml b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
index 919462c..bf93c71 100644
--- a/charts/resources/templates/events/provision/gitops-status-sensor.yaml
+++ b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
@@ -16,6 +16,16 @@ spec:
           url: {{ .Values.kafkaEndpoint }}
           topic: provisioned
           partition: 0
+          {{- if .Values.kafkaAuth.enable }}
+          sasl:
+            mechanism: {{ .Values.kafkaAuth.mechanism }}
+            userSecret:
+              name: {{ .Values.kafkaAuth.secretName }}
+              key: user
+            passwordSecret:
+              name: {{ .Values.kafkaAuth.secretName }}
+              key: password
+          {{- end }}
           payload:
             - src:
                 dependencyName: gitops-status
diff --git a/charts/resources/templates/events/provision/status-sensor.yaml b/charts/resources/templates/events/provision/status-sensor.yaml
index 47935b5..349feb5 100644
--- a/charts/resources/templates/events/provision/status-sensor.yaml
+++ b/charts/resources/templates/events/provision/status-sensor.yaml
@@ -164,10 +164,31 @@ spec:
                       parameters:
                         - name: payload
                     script:
+                      {{- if .Values.kafkaAuth.enable }}
+                      env:
+                        - name: MECHANISM
+                          value: {{ .Values.kafkaAuth.mechanism }}
+                        - name: USERNAME
+                          valueFrom:
+                            secretKeyRef:
+                              name: {{ .Values.kafkaAuth.secretName }}
+                              key: username
+                        - name: PASSWORD
+                          valueFrom:
+                            secretKeyRef:
+                              name: {{ .Values.kafkaAuth.secretName }}
+                              key: password
+                      {{- end }}
                       image: confluentinc/cp-kafkacat:7.1.14
                       command: [sh]
+                      {{- if .Values.kafkaAuth.enable }}
+                      source: |
+                        echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -X security.protocol=SASL_PLAINTEXT -X sasl.username="$USERNAME" -X sasl.password="$PASSWORD" -X sasl.mechanism="$MECHANISM" -t provisioned -J
+                      {{- else }}
                       source: |
                         echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -t provisioned -J
+                      {{- end }}
+                      
           parameters:
             - src:
                 dependencyName: message
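Review bot: The authenticated `kafkacat` line fixes `-X security.protocol=SASL_PLAINTEXT`, so when `MECHANISM` is a cleartext mechanism such as PLAIN the credentials read from the Secret are sent to the broker unencrypted. If the broker exposes a TLS listener, use `-X security.protocol=SASL_SSL`, or take the protocol from a new chart value instead of hard-coding it in the template. The new branch also repeats the existing unquoted `echo {{inputs.parameters.payload}}`, which is substituted into the script text before `sh` runs; handing the payload to the script through an environment variable or stdin would keep message content from being interpreted as shell syntax. The two `source:` branches differ only in the `-X` flags, so a single `source:` with the flags inside the `if` would avoid the duplication, and the added line that holds only trailing whitespace before `parameters:` can be dropped.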
-- 
GitLab


From 4ccad0ffeb834a6986f572a4195f91a9978de4b3 Mon Sep 17 00:00:00 2001
From: ionutb <corneliu-ionut.beti@ionos.com>
Date: Mon, 16 Dec 2024 13:09:28 +0200
Subject: [PATCH 3/4] fix username key

---
 charts/dependencies/values.yaml                             | 4 ++--
 charts/resources/templates/events/decommission/source.yaml  | 2 +-
 .../templates/events/decommission/status-sensor.yaml        | 2 +-
 .../templates/events/provision/gitops-status-sensor.yaml    | 2 +-
 charts/resources/templates/events/provision/source.yaml     | 2 +-
 charts/resources/values.yaml                                | 6 +++++-
 6 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/charts/dependencies/values.yaml b/charts/dependencies/values.yaml
index b4c2a99..a378022 100644
--- a/charts/dependencies/values.yaml
+++ b/charts/dependencies/values.yaml
@@ -6,8 +6,8 @@ crossplane:
       - code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/configuration:v0.3.5
 
 gitea:
-  # storageClassName: standard
-  storageClassName: csi-cinder-high-speed
+  storageClassName: standard
+  # storageClassName: csi-cinder-high-speed
   volumeSize: 100G
   service:
     http:
diff --git a/charts/resources/templates/events/decommission/source.yaml b/charts/resources/templates/events/decommission/source.yaml
index a99f250..d005e94 100644
--- a/charts/resources/templates/events/decommission/source.yaml
+++ b/charts/resources/templates/events/decommission/source.yaml
@@ -16,7 +16,7 @@ spec:
         mechanism: {{ .Values.kafkaAuth.mechanism }}
         userSecret:
           name: {{ .Values.kafkaAuth.secretName }}
-          key: user
+          key: username
         passwordSecret:
           name: {{ .Values.kafkaAuth.secretName }}
           key: password
diff --git a/charts/resources/templates/events/decommission/status-sensor.yaml b/charts/resources/templates/events/decommission/status-sensor.yaml
index d849fdb..fbd61f6 100644
--- a/charts/resources/templates/events/decommission/status-sensor.yaml
+++ b/charts/resources/templates/events/decommission/status-sensor.yaml
@@ -20,7 +20,7 @@ spec:
             mechanism: {{ .Values.kafkaAuth.mechanism }}
             userSecret:
               name: {{ .Values.kafkaAuth.secretName }}
-              key: user
+              key: username
             passwordSecret:
               name: {{ .Values.kafkaAuth.secretName }}
               key: password
diff --git a/charts/resources/templates/events/provision/gitops-status-sensor.yaml b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
index bf93c71..4dfb54d 100644
--- a/charts/resources/templates/events/provision/gitops-status-sensor.yaml
+++ b/charts/resources/templates/events/provision/gitops-status-sensor.yaml
@@ -21,7 +21,7 @@ spec:
             mechanism: {{ .Values.kafkaAuth.mechanism }}
             userSecret:
               name: {{ .Values.kafkaAuth.secretName }}
-              key: user
+              key: username
             passwordSecret:
               name: {{ .Values.kafkaAuth.secretName }}
               key: password
diff --git a/charts/resources/templates/events/provision/source.yaml b/charts/resources/templates/events/provision/source.yaml
index d8a0ab7..fd56ff4 100644
--- a/charts/resources/templates/events/provision/source.yaml
+++ b/charts/resources/templates/events/provision/source.yaml
@@ -16,7 +16,7 @@ spec:
         mechanism: {{ .Values.kafkaAuth.mechanism }}
         userSecret:
           name: {{ .Values.kafkaAuth.secretName }}
-          key: user
+          key: username
         passwordSecret:
           name: {{ .Values.kafkaAuth.secretName }}
           key: password
diff --git a/charts/resources/values.yaml b/charts/resources/values.yaml
index 56d85d0..5941d46 100644
--- a/charts/resources/values.yaml
+++ b/charts/resources/values.yaml
@@ -3,4 +3,8 @@ applicationStatusViewerSA: claim-application-status
 cliEnabled: true
 dependenciesReleaseName: provisioner-dependencies
 # kafkaEndpoint: kafka:9092
-kafkaEndpoint: kafka.infrastructure.dev.simpl-europe.eu:9092
\ No newline at end of file
+kafkaEndpoint: kafka.infrastructure.dev.simpl-europe.eu:9092
+kafkaAuth:
+  enable: true
+  mechanism: PLAIN
+  secretName: kafka-secret
\ No newline at end of file
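Review bot: `kafkaAuth.enable: true` as the chart default makes every install depend on a Secret named `kafka-secret` with `username` and `password` keys, and the values file does not say so. Add a comment above the block, for example `# kafkaAuth: SASL credentials are read from an existing Secret (keys: username, password) in the release namespace; the chart does not create it`. It is also worth stating there that `mechanism: PLAIN` is only safe over a TLS-protected listener, since the provision status sensor in this series connects with `SASL_PLAINTEXT`. Quoting the endpoint as `kafkaEndpoint: "kafka.infrastructure.dev.simpl-europe.eu:9092"` and ending the file with a newline would also tidy the hunk.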
-- 
GitLab


From 2292ba8c0ab912e34fe57ead728047f2c2e10352 Mon Sep 17 00:00:00 2001
From: ionutb <corneliu-ionut.beti@ionos.com>
Date: Mon, 16 Dec 2024 13:13:58 +0200
Subject: [PATCH 4/4] update local-setup, add debug pods

---
 k8s/netdebug.yaml | 29 +++++++++++++++++++++++++++++
 local-setup.sh    | 14 +++++++-------
 2 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 k8s/netdebug.yaml

diff --git a/k8s/netdebug.yaml b/k8s/netdebug.yaml
new file mode 100644
index 0000000..d26eebb
--- /dev/null
+++ b/k8s/netdebug.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kafkacat
+  namespace: infrastructure
+spec:
+  containers:
+  - name: kafkacat
+    image: confluentinc/cp-kafkacat
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: Always
+  restartPolicy: Never
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nettools
+  namespace: infrastructure
+spec:
+  containers:
+  - name: nettools
+    image: jrecord/nettools:latest
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: Always
+  restartPolicy: Never
\ No newline at end of file
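Review bot: Both debug pods pull floating images, `confluentinc/cp-kafkacat` with no tag and `jrecord/nettools:latest`, with `imagePullPolicy: Always`, so whatever those repositories publish next runs in the `infrastructure` namespace alongside the chart's secrets. Pin them, for example `image: confluentinc/cp-kafkacat:7.1.14` to match the tag the provision status sensor already uses, and a fixed tag or digest for the nettools image. Since the pods only need a shell for network checks, `automountServiceAccountToken: false` in each `spec` would keep the namespace's default service-account token out of them. The `containers` list is written flush while `command` is indented; pick one sequence style for the file.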
diff --git a/local-setup.sh b/local-setup.sh
index e37f643..4400e9b 100644
--- a/local-setup.sh
+++ b/local-setup.sh
@@ -2,15 +2,15 @@ NS=infrastructure
 kubectl create namespace $NS 
 kubectl create -n $NS secret docker-registry "ec-pull-secret"  --docker-server="code.europa.eu:4567" --docker-username="$EC_USERNAME" --docker-password="$EC_PASSWORD" 
 kubectl create -n $NS secret generic gitea-secret --from-literal=username=gitops_test --from-literal=password=test1234
+kubectl create -n $NS secret generic kafka-secret --from-literal=username=demo --from-literal=password=demo-password
 kubectl create -n $NS secret generic ionos-provider --from-literal=credentials="{\"token\":\"${IONOS_TOKEN}\"}"
 helm install provisioner-dependencies -n $NS charts/dependencies
 sleep 60
 helm install provisioner-resources -n $NS charts/resources
-echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken
-kubectl get -n $NS secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d > argopw
 
-# echo "Bearer $(kubectl get -n infrastructure secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken
-# kubectl get -n infrastructure secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d > argopw
-# kubectl port-forward -n infrastructure svc/argocd-server 8888:443
-# kubectl port-forward -n infrastructure svc/argowf-argo-workflows-server 8777:2746
-# kubectl port-forward -n infrastructure svc/gitea-http 8333:3000
\ No newline at end of file
+# Use locally to get access tokens and forward service ports
+# echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken
+# kubectl get -n $NS secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d > argopw
+# kubectl port-forward -n $NS svc/argocd-server 8888:443
+# kubectl port-forward -n $NS svc/argowf-argo-workflows-server 8777:2746
+# kubectl port-forward -n $NS svc/gitea-http 8333:3000
\ No newline at end of file
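Review bot: The added `kafka-secret` line commits a literal username and password to the repository, while the registry and IONOS secrets in the same script take theirs from the environment. Reading them the same way, for example `--from-literal=username="${KAFKA_USERNAME:-demo}" --from-literal=password="${KAFKA_PASSWORD:?set KAFKA_PASSWORD}"`, keeps a demo default for the user name without a checked-in password that may get reused against a shared broker. The key names match what the templates expect after patch 3 (`username`, `password`). Quoting `$NS` as `"$NS"` on the new line would also be safer, although the surrounding lines leave it unquoted too.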
-- 
GitLab