contracts,notes,mapper

2026-04-23 12:48:04 +03:00 · 2026-04-23 12:48:04 +03:00 · 7987c30802
commit 7987c30802
parent 1724b8fa1b
1 changed files with 37 additions and 16 deletions
--- a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
+++ b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
@ -10,6 +10,8 @@ spec:
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
+      backoffLimit: 0
+      activeDeadlineSeconds: 600
      template:
        metadata:
          annotations:
@ -246,20 +248,20 @@ spec:
                  inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')"
                  [ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ]
                  list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")"
-                  target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)"
-                  if [ -z "${target_pod}" ]; then
-                    target_pod="$(kubectl -n kafka get pod -l app.kubernetes.io/component=controller-eligible -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)"
-                  fi
-                  if [ -z "${target_pod}" ]; then
+                  target_pod="kafka-kafka-contour-controller-0"
+                  if ! kubectl -n kafka get pod "${target_pod}" >/dev/null 2>&1; then
                    echo "Kafka controller pod not found"
                    exit 1
                  fi
+                  target_bootstrap="${target_pod}.kafka-kafka-contour-controller-headless.kafka.svc.cluster.local:9094"

                  admin_props="$(mktemp)"
                  printf "%s\n" \
                    "security.protocol=SASL_PLAINTEXT" \
                    "sasl.mechanism=PLAIN" \
                    "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \
+                    "default.api.timeout.ms=60000" \
+                    "request.timeout.ms=60000" \
                    > "${admin_props}"
                  kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}"
                  rm -f "${admin_props}"
@ -272,11 +274,25 @@ spec:
                    [ -z "${password}" ] && continue

                    echo "Reconciling Kafka user ${username}"
-                    kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
-                      /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
-                        --alter --add-config 'SCRAM-SHA-512=[password=${password}]' \
-                        --entity-type users --entity-name '${username}'
-                    " >/dev/null
+                    user_reconciled=false
+                    attempt=1
+                    while [ "${attempt}" -le 3 ]; do
+                      if kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
+                        timeout 60 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
+                          --alter --add-config 'SCRAM-SHA-512=[password=${password}]' \
+                          --entity-type users --entity-name '${username}'
+                      " >/dev/null; then
+                        user_reconciled=true
+                        break
+                      fi
+                      echo "Kafka user ${username} reconcile attempt ${attempt}/3 failed"
+                      attempt=$((attempt + 1))
+                      sleep 5
+                    done
+                    if [ "${user_reconciled}" != "true" ]; then
+                      echo "Kafka user ${username} reconcile failed, continue"
+                      continue
+                    fi

                    echo "${app_json}" | jq -c '.data.data.topics[]?' | while read -r topic_item; do
                      topic_name="$(echo "${topic_item}" | jq -r '.name // empty')"
@ -286,16 +302,21 @@ spec:
                      [ -z "${topic_name}" ] && continue

                      echo "Reconciling Kafka topic ${topic_name}"
-                      kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
-                        /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
+                      if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
+                        timeout 40 /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
                          --create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}'
-                      " >/dev/null
+                      " >/dev/null; then
+                        echo "Kafka topic ${topic_name} create/reconcile failed, continue"
+                        continue
+                      fi

                      if [ -n "${topic_configs}" ]; then
-                        kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
-                          /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
+                        if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
+                          timeout 40 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
                            --alter --entity-type topics --entity-name '${topic_name}' --add-config '${topic_configs}'
-                        " >/dev/null
+                        " >/dev/null; then
+                          echo "Kafka topic ${topic_name} config reconcile failed, continue"
+                        fi
                      fi
                    done
                  done