sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

contracts,notes,mapper

Browse Source
This commit is contained in:
Kochetkov S 2026-04-23 12:48:04 +03:00
parent 1724b8fa1b
commit 7987c30802
1 changed files with 37 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
View File

@ -10,6 +10,8 @@ spec:
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
jobTemplate: jobTemplate:
spec: spec:
backoffLimit: 0
activeDeadlineSeconds: 600
template: template:
metadata: metadata:
annotations: annotations:
@ -246,20 +248,20 @@ spec:
inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')" inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')"
[ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ] [ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ]
list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")" list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")"
target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)" target_pod="kafka-kafka-contour-controller-0"
if [ -z "${target_pod}" ]; then if ! kubectl -n kafka get pod "${target_pod}" >/dev/null 2>&1; then
target_pod="$(kubectl -n kafka get pod -l app.kubernetes.io/component=controller-eligible -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)"
fi
if [ -z "${target_pod}" ]; then
echo "Kafka controller pod not found" echo "Kafka controller pod not found"
exit 1 exit 1
fi fi
target_bootstrap="${target_pod}.kafka-kafka-contour-controller-headless.kafka.svc.cluster.local:9094"
admin_props="$(mktemp)" admin_props="$(mktemp)"
printf "%s\n" \ printf "%s\n" \
"security.protocol=SASL_PLAINTEXT" \ "security.protocol=SASL_PLAINTEXT" \
"sasl.mechanism=PLAIN" \ "sasl.mechanism=PLAIN" \
"sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \ "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \
"default.api.timeout.ms=60000" \
"request.timeout.ms=60000" \
> "${admin_props}" > "${admin_props}"
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}" kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}"
rm -f "${admin_props}" rm -f "${admin_props}"
@ -272,11 +274,25 @@ spec:
[ -z "${password}" ] && continue [ -z "${password}" ] && continue
echo "Reconciling Kafka user ${username}" echo "Reconciling Kafka user ${username}"
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ user_reconciled=false
/opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ attempt=1
--alter --add-config 'SCRAM-SHA-512=[password=${password}]' \ while [ "${attempt}" -le 3 ]; do
--entity-type users --entity-name '${username}' if kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
" >/dev/null timeout 60 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
--alter --add-config 'SCRAM-SHA-512=[password=${password}]' \
--entity-type users --entity-name '${username}'
" >/dev/null; then
user_reconciled=true
break
fi
echo "Kafka user ${username} reconcile attempt ${attempt}/3 failed"
attempt=$((attempt + 1))
sleep 5
done
if [ "${user_reconciled}" != "true" ]; then
echo "Kafka user ${username} reconcile failed, continue"
continue
fi
echo "${app_json}" | jq -c '.data.data.topics[]?' | while read -r topic_item; do echo "${app_json}" | jq -c '.data.data.topics[]?' | while read -r topic_item; do
topic_name="$(echo "${topic_item}" | jq -r '.name // empty')" topic_name="$(echo "${topic_item}" | jq -r '.name // empty')"
@ -286,16 +302,21 @@ spec:
[ -z "${topic_name}" ] && continue [ -z "${topic_name}" ] && continue
echo "Reconciling Kafka topic ${topic_name}" echo "Reconciling Kafka topic ${topic_name}"
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
/opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ timeout 40 /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
--create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}' --create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}'
" >/dev/null " >/dev/null; then
echo "Kafka topic ${topic_name} create/reconcile failed, continue"
continue
fi
if [ -n "${topic_configs}" ]; then if [ -n "${topic_configs}" ]; then
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ if ! kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
/opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ timeout 40 /opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server ${target_bootstrap} --command-config /tmp/admin.properties \
--alter --entity-type topics --entity-name '${topic_name}' --add-config '${topic_configs}' --alter --entity-type topics --entity-name '${topic_name}' --add-config '${topic_configs}'
" >/dev/null " >/dev/null; then
echo "Kafka topic ${topic_name} config reconcile failed, continue"
fi
fi fi
done done
done done