From d78f7d5ea290f24d5e90ba2bc839886dd3b84391 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Tue, 21 Apr 2026 15:27:33 +0300
Subject: [PATCH] add kafka+minio
---
 .../service-bootstrap-jobs.yaml | 43 ++++++++++++++++---
 1 file changed, 38 insertions(+), 5 deletions(-)
diff --git a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
index 2881d20..3baa2e0 100644
--- a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
+++ b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml
@@ -148,11 +148,24 @@ spec:
 app_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/minio/apps/${app}")"
 username="$(echo "${app_json}" | jq -r '.data.data.username')"
 password="$(echo "${app_json}" | jq -r '.data.data.password')"
+ access_key="$(echo "${app_json}" | jq -r '.data.data.access_key // .data.data.username // empty')"
+ secret_key="$(echo "${app_json}" | jq -r '.data.data.secret_key // .data.data.password // empty')"
+ policy="$(echo "${app_json}" | jq -r '.data.data.policy // empty')"
 [ -z "${username}" ] && username="${app}"
- [ -z "${password}" ] && continue
+ [ -z "${access_key}" ] && access_key="${username}"
+ [ -z "${secret_key}" ] && secret_key="${password}"
+ [ -z "${secret_key}" ] && continue
 
- /usr/local/bin/mc admin user add local "${username}" "${password}" >/dev/null 2>&1 || true
- /usr/local/bin/mc admin user enable local "${username}" >/dev/null 2>&1 || true
+ /usr/local/bin/mc admin user add local "${access_key}" "${secret_key}" >/dev/null 2>&1 || true
+ /usr/local/bin/mc admin user enable local "${access_key}" >/dev/null 2>&1 || true
+ if [ -n "${policy}" ]; then
+ /usr/local/bin/mc admin policy attach local "${policy}" --user "${access_key}" >/dev/null 2>&1 || true
+ fi
+
+ echo "${app_json}" | jq -r '.data.data.buckets[]? | if type=="string" then . else .name // empty end' | while read -r bucket; do
+ [ -z "${bucket}" ] && continue
+ /usr/local/bin/mc mb --ignore-existing "local/${bucket}" >/dev/null 2>&1 || true
+ done
 done
 ---
 apiVersion: rbac.authorization.k8s.io/v1
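Review bot: The new fallbacks `access_key="${username}"` and `secret_key="${password}"` read two context variables that are extracted without `// empty`, so a field missing from the Vault secret reaches them as the literal string `null` (what `jq -r` prints for a missing key). The `[ -z "${secret_key}" ] && continue` guard therefore never fires for an entry that has no secret, and `mc admin user add` is called with `null` as the credential; whether mc accepts or rejects it, the outcome is hidden by `>/dev/null 2>&1 || true`. Change the two context lines to `jq -r '.data.data.username // empty'` and `jq -r '.data.data.password // empty'` so the empty-string checks work as intended. The same silencing on `mc admin policy attach` means a mistyped policy name leaves the user without the intended policy while the job still reports success, so letting stderr through for that call would make the failure visible. The enclosing per-app loop starts outside this hunk.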
@@ -249,12 +262,32 @@ spec: kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ cat >/tmp/admin.properties </dev/null + + echo "${app_json}" | jq -c '.data.data.topics[]?' | while read -r topic_item; do + topic_name="$(echo "${topic_item}" | jq -r '.name // empty')" + partitions="$(echo "${topic_item}" | jq -r '.partitions // 3')" + replication_factor="$(echo "${topic_item}" | jq -r '.replication_factor // 1')" + topic_configs="$(echo "${topic_item}" | jq -r '(.configs // {}) | to_entries | map("\(.key)=\(.value|tostring)") | join(",")')" + [ -z "${topic_name}" ] && continue + + kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ + kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ + --create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}' + " >/dev/null + + if [ -n "${topic_configs}" ]; then + kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ + kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \ + --alter --entity-type topics --entity-name '${topic_name}' --add-config '${topic_configs}' + " >/dev/null + fi + done done
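Review bot: `topic_name`, `partitions`, `replication_factor` and `topic_configs` come straight from the Vault JSON and are spliced between single quotes into the `bash -lc "..."` string, so a value containing a `'` ends the quoting and the remainder is parsed as shell inside the broker pod. Anyone who can write that secret path would thereby get command execution in the Kafka container, which is a wider privilege than "may define topics". Validate before use, for example `case "${topic_name}" in ''|*[!A-Za-z0-9._-]*) continue ;; esac` plus a digits-only check on the two counts, or pass the values as positional arguments (`bash -lc 'kafka-topics.sh ... --topic "$1"' _ "${topic_name}"`) so they are never interpreted as shell. The enclosing per-app loop starts outside this hunk.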