contracts,notes,mapper
parent
266c24bfe8
commit
fc9eb75b3c
@ -232,6 +232,7 @@ spec:
|
|||||||
command: ["/bin/sh", "-ec"]
|
command: ["/bin/sh", "-ec"]
|
||||||
args:
|
args:
|
||||||
- |
|
- |
|
||||||
|
set -e
|
||||||
apk add --no-cache bash curl jq kubectl >/dev/null
|
apk add --no-cache bash curl jq kubectl >/dev/null
|
||||||
|
|
||||||
VAULT_ADDR="http://vault-vault-contour.vault.svc:8200"
|
VAULT_ADDR="http://vault-vault-contour.vault.svc:8200"
|
||||||
@ -243,6 +244,7 @@ spec:
|
|||||||
|
|
||||||
bootstrap_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/bootstrap")"
|
bootstrap_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/bootstrap")"
|
||||||
inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')"
|
inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')"
|
||||||
|
[ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ]
|
||||||
list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")"
|
list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")"
|
||||||
target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)"
|
target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)"
|
||||||
if [ -z "${target_pod}" ]; then
|
if [ -z "${target_pod}" ]; then
|
||||||
@ -253,6 +255,15 @@ spec:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
admin_props="$(mktemp)"
|
||||||
|
printf "%s\n" \
|
||||||
|
"security.protocol=SASL_PLAINTEXT" \
|
||||||
|
"sasl.mechanism=PLAIN" \
|
||||||
|
"sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \
|
||||||
|
> "${admin_props}"
|
||||||
|
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}"
|
||||||
|
rm -f "${admin_props}"
|
||||||
|
|
||||||
for app in $(echo "${list_json}" | jq -r '.data.keys[]?' | sed 's#/$##'); do
|
for app in $(echo "${list_json}" | jq -r '.data.keys[]?' | sed 's#/$##'); do
|
||||||
app_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/apps/${app}")"
|
app_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/apps/${app}")"
|
||||||
username="$(echo "${app_json}" | jq -r '.data.data.username')"
|
username="$(echo "${app_json}" | jq -r '.data.data.username')"
|
||||||
@ -260,12 +271,8 @@ spec:
|
|||||||
[ -z "${username}" ] && username="${app}"
|
[ -z "${username}" ] && username="${app}"
|
||||||
[ -z "${password}" ] && continue
|
[ -z "${password}" ] && continue
|
||||||
|
|
||||||
|
echo "Reconciling Kafka user ${username}"
|
||||||
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
|
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
|
||||||
cat >/tmp/admin.properties <<EOF
|
|
||||||
security.protocol=SASL_PLAINTEXT
|
|
||||||
sasl.mechanism=PLAIN
|
|
||||||
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';
|
|
||||||
EOF
|
|
||||||
/opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
|
/opt/bitnami/kafka/bin/kafka-configs.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
|
||||||
--alter --add-config 'SCRAM-SHA-512=[password=${password}]' \
|
--alter --add-config 'SCRAM-SHA-512=[password=${password}]' \
|
||||||
--entity-type users --entity-name '${username}'
|
--entity-type users --entity-name '${username}'
|
||||||
@ -278,6 +285,7 @@ spec:
|
|||||||
topic_configs="$(echo "${topic_item}" | jq -r '(.configs // {}) | to_entries | map("\(.key)=\(.value|tostring)") | join(",")')"
|
topic_configs="$(echo "${topic_item}" | jq -r '(.configs // {}) | to_entries | map("\(.key)=\(.value|tostring)") | join(",")')"
|
||||||
[ -z "${topic_name}" ] && continue
|
[ -z "${topic_name}" ] && continue
|
||||||
|
|
||||||
|
echo "Reconciling Kafka topic ${topic_name}"
|
||||||
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
|
kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\
|
||||||
/opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
|
/opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9094 --command-config /tmp/admin.properties \
|
||||||
--create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}'
|
--create --if-not-exists --topic '${topic_name}' --partitions '${partitions}' --replication-factor '${replication_factor}'
|
||||||
|
|||||||
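Review bot: The added guard `[ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ]` does not stop the job when the password is empty, because `set -e` ignores a failure in any command of an `&&` list except the last one; only the literal `null` case aborts. An explicit test covers both cases: `if [ -z "${inter_broker_password}" ] || [ "${inter_broker_password}" = "null" ]; then echo "interBrokerPassword missing" >&2; exit 1; fi`. Separately, `/tmp/admin.properties` is now written once into the broker container by `cat > /tmp/admin.properties`, apparently with the default umask, and none of the visible lines delete it, so the inter-broker credential may stay readable there after the job ends. Writing it as `umask 077; cat > /tmp/admin.properties` and removing it after the topic loop would limit that exposure; the end of the script is outside the shown hunks, so confirm no cleanup already exists there.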