From 7987c3080243acc2098746c89c1e356a4794b1b1 Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Thu, 23 Apr 2026 12:48:04 +0300 Subject: [PATCH] contracts,notes,mapper --- .../service-bootstrap-jobs.yaml | 53 +++++++++++++------ 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml index de5130c..e7f9a81 100644 --- a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml +++ b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml @@ -10,6 +10,8 @@ spec: concurrencyPolicy: Forbid jobTemplate: spec: + backoffLimit: 0 + activeDeadlineSeconds: 600 template: metadata: annotations: @@ -246,20 +248,20 @@ spec: inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')" [ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ] list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")" - target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)" - if [ -z "${target_pod}" ]; then - target_pod="$(kubectl -n kafka get pod -l app.kubernetes.io/component=controller-eligible -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)" - fi - if [ -z "${target_pod}" ]; then + target_pod="kafka-kafka-contour-controller-0" + if ! kubectl -n kafka get pod "${target_pod}" >/dev/null 2>&1; then echo "Kafka controller pod not found" exit 1 fi + target_bootstrap="${target_pod}.kafka-kafka-contour-controller-headless.kafka.svc.cluster.local:9094" admin_props="$(mktemp)" printf "%s\n" \ "security.protocol=SASL_PLAINTEXT" \ "sasl.mechanism=PLAIN" \ "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \ + "default.api.timeout.ms=60000" \ + "request.timeout.ms=60000" \ > "${admin_props}" kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}" rm -f "${admin_props}" @@ -272,11 +274,25 @@ spec: [ -z "${password}" ] && continue echo "Reconciling Kafka user ${username}" - kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ - /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ - --alter --add-config 'SCRAM-SHA-512=[password=${password}]' \ - --entity-type users --entity-name '${username}' - " >/dev/null + user_reconciled=false + attempt=1 + while [ "${attempt}" -le 3 ]; do + if kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ + timeout 60 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \ + --alter --add-config 'SCRAM-SHA-512=[password=${password}]' \ + --entity-type users --entity-name '${username}' + " >/dev/null; then + user_reconciled=true + break + fi + echo "Kafka user ${username} reconcile attempt ${attempt}/3 failed" + attempt=$((attempt + 1)) + sleep 5 + done + if [ "${user_reconciled}" != "true" ]; then + echo "Kafka user ${username} reconcile failed, continue" + continue + fi echo "${app_json}" | jq -c '.data.data.topics[]?' | while read -r topic_item; do topic_name="$(echo "${topic_item}" | jq -r '.name // empty')" @@ -286,16 +302,21 @@ spec: [ -z "${topic_name}" ] && continue echo "Reconciling Kafka topic ${topic_name}" - kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ - /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ + if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ + timeout 40 /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \ --create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}' - " >/dev/null + " >/dev/null; then + echo "Kafka topic ${topic_name} create/reconcile failed, continue" + continue + fi if [ -n "${topic_configs}" ]; then - kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ - /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ + if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ + timeout 40 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \ --alter --entity-type topics --entity-name '${topic_name}' --add-config '${topic_configs}' - " >/dev/null + " >/dev/null; then + echo "Kafka topic ${topic_name} config reconcile failed, continue" + fi fi done done