diff --git a/.gitignore b/.gitignore index 690a580..b877456 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,5 @@ ca.pem intermediate.cert.pem pki_intermediate.csr pki-ca-root.json -cert_key_list \ No newline at end of file +cert_key_list +nohup.out diff --git a/examples/basic/README.md b/examples/basic/README.md new file mode 100644 index 0000000..594ada4 --- /dev/null +++ b/examples/basic/README.md @@ -0,0 +1,12 @@ +# Basic Deployment +This example deploys a basic deployment. No RBAC/LDAP. Just a single topic 'foobar' is added as part of the pipeline. +### Deploy CRDs +Deploy the CRDS using the standard way: +```shell +kubectl apply -k ../../kustomize/crds +``` +### Deploy Confluent Operator and Confluent Services +Deploy the confluent operator and services: +```shell +kubectl apply -k . +``` \ No newline at end of file diff --git a/examples/basic/confluent/kafka-connect.yaml b/examples/basic/confluent/kafka-connect.yaml index ae8ceb3..56d66c8 100644 --- a/examples/basic/confluent/kafka-connect.yaml +++ b/examples/basic/confluent/kafka-connect.yaml @@ -5,7 +5,7 @@ metadata: name: connect spec: tls: - secretRef: tls-group1 + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 diff --git a/examples/basic/confluent/kustomization.yaml b/examples/basic/confluent/kustomization.yaml index 50b9d09..b214b45 100644 --- a/examples/basic/confluent/kustomization.yaml +++ b/examples/basic/confluent/kustomization.yaml @@ -1,8 +1,7 @@ namespace: sandbox resources: -- ./namespace.yaml +- namespace.yaml - ../../../kustomize/base/confluent -- ../../../kustomize/base/secrets-tls patchesStrategicMerge: - zookeeper.yaml - kafka.yaml diff --git a/examples/basic/operator/clusterrolebinding.yaml b/examples/basic/operator/clusterrolebinding.yaml deleted file mode 100644 index 08c3483..0000000 --- a/examples/basic/operator/clusterrolebinding.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox diff --git a/examples/basic/operator/kustomization.yaml b/examples/basic/operator/kustomization.yaml index c3fa8fe..339e199 100644 --- a/examples/basic/operator/kustomization.yaml +++ b/examples/basic/operator/kustomization.yaml @@ -2,5 +2,4 @@ namespace: sandbox resources: - ../../../kustomize/base/operator patchesStrategicMerge: - - clusterrolebinding.yaml - deployment.yaml \ No newline at end of file diff --git a/examples/custom-connect/Dockerfile b/examples/custom-connect-gcs/Dockerfile similarity index 100% rename from examples/custom-connect/Dockerfile rename to examples/custom-connect-gcs/Dockerfile diff --git a/examples/custom-connect/README.md b/examples/custom-connect-gcs/README.md similarity index 100% rename from examples/custom-connect/README.md rename to examples/custom-connect-gcs/README.md diff --git a/examples/custom-connect/build-inside.sh b/examples/custom-connect-gcs/build-inside.sh similarity index 100% rename from examples/custom-connect/build-inside.sh rename to examples/custom-connect-gcs/build-inside.sh diff --git a/examples/custom-connect/confluent/gcs-connect.yaml b/examples/custom-connect-gcs/confluent/gcs-connect.yaml similarity index 100% rename from examples/custom-connect/confluent/gcs-connect.yaml rename to examples/custom-connect-gcs/confluent/gcs-connect.yaml diff --git a/examples/custom-connect/confluent/kafka.yaml b/examples/custom-connect-gcs/confluent/kafka.yaml similarity index 100% rename from examples/custom-connect/confluent/kafka.yaml rename to examples/custom-connect-gcs/confluent/kafka.yaml 
diff --git a/examples/custom-connect/confluent/kustomization.yaml b/examples/custom-connect-gcs/confluent/kustomization.yaml similarity index 100% rename from examples/custom-connect/confluent/kustomization.yaml rename to examples/custom-connect-gcs/confluent/kustomization.yaml diff --git a/examples/custom-connect/confluent/namespace.yaml b/examples/custom-connect-gcs/confluent/namespace.yaml similarity index 100% rename from examples/custom-connect/confluent/namespace.yaml rename to examples/custom-connect-gcs/confluent/namespace.yaml diff --git a/examples/custom-connect/confluent/rest-class.yaml b/examples/custom-connect-gcs/confluent/rest-class.yaml similarity index 100% rename from examples/custom-connect/confluent/rest-class.yaml rename to examples/custom-connect-gcs/confluent/rest-class.yaml diff --git a/examples/custom-connect/confluent/source-topic.yaml b/examples/custom-connect-gcs/confluent/source-topic.yaml similarity index 100% rename from examples/custom-connect/confluent/source-topic.yaml rename to examples/custom-connect-gcs/confluent/source-topic.yaml diff --git a/examples/custom-connect/confluent/zookeeper.yaml b/examples/custom-connect-gcs/confluent/zookeeper.yaml similarity index 100% rename from examples/custom-connect/confluent/zookeeper.yaml rename to examples/custom-connect-gcs/confluent/zookeeper.yaml diff --git a/examples/custom-connect/gcs-sink.json b/examples/custom-connect-gcs/gcs-sink.json similarity index 100% rename from examples/custom-connect/gcs-sink.json rename to examples/custom-connect-gcs/gcs-sink.json diff --git a/examples/custom-connect/kustomization.yaml b/examples/custom-connect-gcs/kustomization.yaml similarity index 100% rename from examples/custom-connect/kustomization.yaml rename to examples/custom-connect-gcs/kustomization.yaml 
diff --git a/examples/custom-connect/operator/deployment.yaml b/examples/custom-connect-gcs/operator/deployment.yaml similarity index 100% rename from examples/custom-connect/operator/deployment.yaml rename to examples/custom-connect-gcs/operator/deployment.yaml diff --git a/examples/custom-connect/operator/kustomization.yaml b/examples/custom-connect-gcs/operator/kustomization.yaml similarity index 100% rename from examples/custom-connect/operator/kustomization.yaml rename to examples/custom-connect-gcs/operator/kustomization.yaml diff --git a/examples/custom-connect/rolebindings/connect/connect-base.yaml b/examples/custom-connect-gcs/rolebindings/connect/connect-base.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/connect-base.yaml rename to examples/custom-connect-gcs/rolebindings/connect/connect-base.yaml diff --git a/examples/custom-connect/rolebindings/connect/connect-topics.yaml b/examples/custom-connect-gcs/rolebindings/connect/connect-topics.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/connect-topics.yaml rename to examples/custom-connect-gcs/rolebindings/connect/connect-topics.yaml diff --git a/examples/custom-connect/rolebindings/connect/gcs-connect-rb.yaml b/examples/custom-connect-gcs/rolebindings/connect/gcs-connect-rb.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/gcs-connect-rb.yaml rename to examples/custom-connect-gcs/rolebindings/connect/gcs-connect-rb.yaml diff --git a/examples/custom-connect/rolebindings/connect/kustomization.yaml b/examples/custom-connect-gcs/rolebindings/connect/kustomization.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/kustomization.yaml rename to examples/custom-connect-gcs/rolebindings/connect/kustomization.yaml 
diff --git a/examples/custom-connect/rolebindings/controlcenter-testadmin-rolebindings.yaml b/examples/custom-connect-gcs/rolebindings/controlcenter-testadmin-rolebindings.yaml
similarity index 100%
rename from examples/custom-connect/rolebindings/controlcenter-testadmin-rolebindings.yaml
rename to examples/custom-connect-gcs/rolebindings/controlcenter-testadmin-rolebindings.yaml
diff --git a/examples/custom-connect/rolebindings/kustomization.yaml b/examples/custom-connect-gcs/rolebindings/kustomization.yaml
similarity index 100%
rename from examples/custom-connect/rolebindings/kustomization.yaml
rename to examples/custom-connect-gcs/rolebindings/kustomization.yaml
diff --git a/examples/custom-connect-sql/Dockerfile b/examples/custom-connect-sql/Dockerfile
new file mode 100644
index 0000000..eb61267
--- /dev/null
+++ b/examples/custom-connect-sql/Dockerfile
@@ -0,0 +1,6 @@
+FROM confluentinc/cp-server-connect-operator:6.1.2.1
+USER root
+ENV CONNECT_PLUGIN_PATH="/usr/share/java,/usr/share/confluent-hub-components"
+RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0
+RUN confluent-hub install --no-prompt confluentinc/kafka-connect-jdbc:10.1.1
+USER 1001
\ No newline at end of file
diff --git a/examples/custom-connect-sql/README.md b/examples/custom-connect-sql/README.md
new file mode 100644
index 0000000..71e1827
--- /dev/null
+++ b/examples/custom-connect-sql/README.md
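Review bot: The base image `confluentinc/cp-server-connect-operator:6.1.2.1` and the two `confluent-hub install` lines pin by tag/version only, so the build is not reproducible and a re-pushed tag or re-published plugin archive would be pulled silently at build time. Pinning the base image by digest (`FROM confluentinc/cp-server-connect-operator:6.1.2.1@sha256:<digest>`) and either recording the expected plugin checksums or vendoring the plugin zips and `COPY`ing them in would close that gap. Dropping back to `USER 1001` after the installs is correct and should stay. A one-line comment above the `RUN` lines, `# confluent-hub downloads the plugins from Confluent Hub over the network at build time`, would help readers who build this inside minikube and wonder why the build needs egress.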
@@ -0,0 +1,59 @@ +## Custom Connect Image / Debezium SQL Server +In this example we go through the following process: + +* Build a 'custom' kafka connect image with [Debezium](https://debezium.io/) plug-in, and make available to the internal (minikube) kubernetes cluster +* Initiate a SQLServer stub populated with the traditional '[AdventureWorks](https://docs.microsoft.com/en-us/sql/samples/adventureworks-install-configure?view=sql-server-ver15&tabs=ssms)' database, and enable [CDC](https://en.wikipedia.org/wiki/Change_data_capture) on select tables +* Deploy a connector via a cURL command +* Observe how changes to CDC enabled tables will trigger events in Kafka + +NOTE: For ease of readability, we will simply reference the scripts that perform the actions of the following stages. For better understanding of what is actually being done, please review the scripts themselves which will have their own comments/notations. **Assumptions are that you will be running all commands from the present directory** + +### Building the custom docker image +The Dockerfile installs a custom plugin with the following line: `RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0`. To build, run: + +```shell +./build-inside.sh +``` +### Deploy CRDs +Deploy the CRDS using the standard way: +```shell +kubectl apply -k ../../kustomize/crds +``` +### Deploy Confluent Operator and Confluent Services +Deploy the confluent operator and services: +```shell +kubectl apply -k . +``` +### Enable CDC on 'person' table of AdventureWorks Database +CDC needs to be enabled on a table by table basis. This table is also referenced in the prod-mssql-connnector.json file. +```shell +./enable_cdc.sh +Context "minikube" modified. +Changed database context to 'AdventureWorks'. +Job 'cdc.AdventureWorks_capture' started successfully. +Job 'cdc.AdventureWorks_cleanup' started successfully. 
+``` +### Deploy Debezium Connector +A curl request is sent to the 'connect pod' to install the connector. +```shell +./deploy_connector.sh +``` + +At this stage, if you log onto Control Center, you should see a running connector: + +![connector](./connect_image.png) + +### Update CDC enabled 'Person' table +Now we will send a SQL Command that will update all users in the person.Person table on the AdventureWorks database: + +```shell +./update_person.sh +Context "minikube" modified. +Changed database context to 'AdventureWorks'. + +(19972 rows affected) +``` +If you observe the automatically created topic `adventureworks-connect.Person.Person` you will see the update event messages streaming through + + +![topic_update](./topic_update.png) \ No newline at end of file diff --git a/examples/custom-connect-sql/build-inside.sh b/examples/custom-connect-sql/build-inside.sh new file mode 100755 index 0000000..e2f18e4 --- /dev/null +++ b/examples/custom-connect-sql/build-inside.sh @@ -0,0 +1,3 @@ +#!/bin/bash +eval $(minikube docker-env) +docker build -t sandbox-example-connect . \ No newline at end of file diff --git a/examples/openshift-basic/confluent/control-centre.yaml b/examples/custom-connect-sql/confluent/control-centre.yaml similarity index 74% rename from examples/openshift-basic/confluent/control-centre.yaml rename to examples/custom-connect-sql/confluent/control-centre.yaml index b3bc192..e41eb03 100644 --- a/examples/openshift-basic/confluent/control-centre.yaml +++ b/examples/custom-connect-sql/confluent/control-centre.yaml @@ -4,8 +4,6 @@ kind: ControlCenter metadata: name: controlcenter spec: - podTemplate: - podSecurityContext: {} tls: autoGeneratedCerts: true dependencies: @@ -18,11 +16,6 @@ spec: url: https://connect.sandbox.svc.cluster.local:8083 tls: enabled: true - ksqldb: - - name: ksqldb - url: https://ksqldb.sandbox.svc.cluster.local:8088 - tls: - enabled: true schemaRegistry: url: https://schemaregistry.sandbox.svc.cluster.local:8081 tls: 
diff --git a/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml b/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml
new file mode 100644
index 0000000..fe29d59
--- /dev/null
+++ b/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml
@@ -0,0 +1,31 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Connect
+metadata:
+ name: connect
+spec:
+ replicas: 1
+ image:
+ application: sandbox-example-connect:latest
+ init: confluentinc/cp-init-container-operator:6.1.2.0
+ tls:
+ autoGeneratedCerts: true
+ dependencies:
+ kafka:
+ bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
+ tls:
+ enabled: true
+ configOverrides:
+ server:
+ - group.id=debezium-cluster
+ - offset.storage.replication.factor=3
+ - config.storage.replication.factor=3
+ - status.storage.replication.factor=3
+ - config.storage.topic=_confluent-connect-configs
+ - offset.storage.topic=_confluent-connect-offsets
+ - status.storage.topic=_confluent-connect-status
+ - confluent.topic.security.protocol=SASL_SSL
+ - confluent.topic.sasl.mechanism=OAUTHBEARER
+ - confluent.topic.sasl.login.callback.handler.class=io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler
+ - confluent.topic.ssl.truststore.location=/mnt/sslcerts/truststore.jks
+ - confluent.topic.ssl.truststore.password=${file:/mnt/sslcerts/jksPassword.txt:jksPassword}
+
diff --git a/examples/openshift-basic/confluent/kafka.yaml b/examples/custom-connect-sql/confluent/kafka.yaml
similarity index 74%
rename from examples/openshift-basic/confluent/kafka.yaml
rename to examples/custom-connect-sql/confluent/kafka.yaml
index 98cc429..ec90359 100644
--- a/examples/openshift-basic/confluent/kafka.yaml
+++ b/examples/custom-connect-sql/confluent/kafka.yaml
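Review bot: The `confluent.topic.*` overrides configure `SASL_SSL` with `OAUTHBEARER` and the MDS `TokenUserLoginCallbackHandler`, yet `dependencies.kafka` in the same file enables TLS only with no authentication and nothing in this example deploys MDS/RBAC — these lines look copied from the rbac overlay and will presumably fail the license-topic client's handshake against this broker (only connectors that use the Confluent license topic would notice; Debezium does not). Either drop the `confluent.topic.security.protocol`, `confluent.topic.sasl.mechanism` and `confluent.topic.sasl.login.callback.handler.class` lines or make them match the broker listener, and confirm against the Kafka CR. `image.application: sandbox-example-connect:latest` is a mutable tag, so which build runs depends on the node's cached image and pull policy; tagging `build-inside.sh` output with a version and referencing it here makes the deployment deterministic. The `${file:/mnt/sslcerts/jksPassword.txt:jksPassword}` reference is the right pattern and deserves a short comment so readers reuse it in the connector JSON instead of literal passwords.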
@@ -3,17 +3,9 @@ kind: Kafka metadata: name: kafka spec: - podTemplate: - podSecurityContext: {} - resources: - requests: - memory: 256Mi - cpu: 100m - limits: - memory: 1Gi - cpu: 500m configOverrides: server: + - auto.create.topics.enable = true - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 tls: autoGeneratedCerts: true diff --git a/examples/openshift-basic/confluent/kustomization.yaml b/examples/custom-connect-sql/confluent/kustomization.yaml similarity index 81% rename from examples/openshift-basic/confluent/kustomization.yaml rename to examples/custom-connect-sql/confluent/kustomization.yaml index 140eb58..c4c6f8d 100644 --- a/examples/openshift-basic/confluent/kustomization.yaml +++ b/examples/custom-connect-sql/confluent/kustomization.yaml @@ -1,11 +1,11 @@ namespace: sandbox resources: +- ./namespace.yaml - ../../../kustomize/base/confluent - ../../../kustomize/base/secrets-tls patchesStrategicMerge: + - custom-kafka-connect.yaml - zookeeper.yaml - kafka.yaml - control-centre.yaml - - kafka-connect.yaml - - ksqldb.yaml - schema-registry.yaml \ No newline at end of file diff --git a/examples/openshift-basic/namespace.yaml b/examples/custom-connect-sql/confluent/namespace.yaml similarity index 100% rename from examples/openshift-basic/namespace.yaml rename to examples/custom-connect-sql/confluent/namespace.yaml diff --git a/examples/openshift-basic/confluent/schema-registry.yaml b/examples/custom-connect-sql/confluent/schema-registry.yaml similarity index 86% rename from examples/openshift-basic/confluent/schema-registry.yaml rename to examples/custom-connect-sql/confluent/schema-registry.yaml index e4d8c43..f98f5b6 100644 --- a/examples/openshift-basic/confluent/schema-registry.yaml +++ b/examples/custom-connect-sql/confluent/schema-registry.yaml @@ -3,8 +3,6 @@ kind: SchemaRegistry metadata: name: schemaregistry spec: - podTemplate: - podSecurityContext: {} tls: autoGeneratedCerts: true dependencies: 
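Review bot: `auto.create.topics.enable = true` lets any client that can reach the broker create topics, and nothing visible in this hunk configures client authentication on the listener (only `autoGeneratedCerts` TLS), so topic creation is effectively open to the namespace; since `topics/foobar-topic.yaml` already declares the topics the connector is expected to write, the override seems unnecessary — if it is needed for the Debezium schema-change or history topics, a comment saying so would stop the next reader from removing it. The entry is also the only override written with spaces around `=`; Java `Properties` parsing tolerates it, but matching the `key=value` form of the neighbouring line (`- auto.create.topics.enable=true`) avoids depending on how the operator templates the list. Dropping `podSecurityContext: {}` and the resource requests is consistent with moving this file off the OpenShift overlay, but a note in the README that the new example has no resource limits would be fair warning for minikube users.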
diff --git a/examples/custom-connect-sql/confluent/zookeeper.yaml b/examples/custom-connect-sql/confluent/zookeeper.yaml
new file mode 100644
index 0000000..fbf0fb4
--- /dev/null
+++ b/examples/custom-connect-sql/confluent/zookeeper.yaml
@@ -0,0 +1,7 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Zookeeper
+metadata:
+ name: zookeeper
+spec:
+ tls:
+ autoGeneratedCerts: true
\ No newline at end of file
diff --git a/examples/custom-connect-sql/connect_image.png b/examples/custom-connect-sql/connect_image.png
new file mode 100644
index 0000000..d393a31
Binary files /dev/null and b/examples/custom-connect-sql/connect_image.png differ
diff --git a/examples/custom-connect-sql/custom-connect/adventure-works-sql-server.yaml b/examples/custom-connect-sql/custom-connect/adventure-works-sql-server.yaml
new file mode 100644
index 0000000..638d6f9
--- /dev/null
+++ b/examples/custom-connect-sql/custom-connect/adventure-works-sql-server.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: sql-server
+ namespace: sandbox
+ labels:
+ role: sql-server
+ app: sql-server
+spec:
+ containers:
+ - name: sql-server
+ image: boysherman/sqlserver-adventureworks:latest
+ ports:
+ - name: sql
+ containerPort: 1433
+ env:
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: SA_PASSWORD
+ value: "nbBg8G4DkR83Xs"
+ - name: MSSQL_AGENT_ENABLED
+ value: "true"
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sql-server
+ labels:
+ app: sql-server
+ namespace: sandbox
+spec:
+ ports:
+ - port: 1433
+ name: sql
+ clusterIP: None
+ selector:
+ app: sql-server
+
+
+
diff --git a/examples/custom-connect-sql/custom-connect/kustomization.yaml b/examples/custom-connect-sql/custom-connect/kustomization.yaml
new file mode 100644
index 0000000..41def4a
--- /dev/null
+++ b/examples/custom-connect-sql/custom-connect/kustomization.yaml
@@ -0,0 +1,3 @@
+namespace: sandbox
+resources:
+- adventure-works-sql-server.yaml
\ No newline at end of file
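Review bot: The SQL Server `sa` password is a literal in the Pod's `env` (`SA_PASSWORD: "nbBg8G4DkR83Xs"`) and the same value is repeated in `update_person.sh`, so it lives in git history and is readable via `kubectl get pod -o yaml` by anyone with read access to the namespace; a throwaway value is fine for a demo, but it should still come from a Secret through `secretKeyRef` so that readers copy the right pattern and the scripts can read it from the container environment rather than hard-coding it a second time (create it out of band with `kubectl create secret generic sql-server-sa --from-literal=password=...`). `boysherman/sqlserver-adventureworks:latest` is an unpinned third-party Docker Hub image with no `securityContext` or resource limits; pinning it by digest, or at minimum a comment stating it is an untrusted convenience image that runs with whatever user the image sets, would make the example safer to lift into other clusters. A short comment noting that the Service is headless (`clusterIP: None`) and is what the connector JSON addresses would also help.

```yaml
# ... unchanged: Pod metadata, container name, image, ports ...
      env:
        - name: ACCEPT_EULA
          value: "Y"
        - name: SA_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sql-server-sa   # created out of band; not committed to the repo
              key: password
        - name: MSSQL_AGENT_ENABLED
          value: "true"
# ... unchanged: restartPolicy, Service ...
```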
diff --git a/examples/custom-connect-sql/deploy_connector.sh b/examples/custom-connect-sql/deploy_connector.sh new file mode 100755 index 0000000..0b2fbcf --- /dev/null +++ b/examples/custom-connect-sql/deploy_connector.sh @@ -0,0 +1,3 @@ +#!/bin/bash +export CONNECTOR_CONFIG=$(cat ./prod-mssql-connector.json) +kubectl exec -i connect-0 -c connect -- curl -k -X PUT -H 'Content-Type:application/json' -d "$CONNECTOR_CONFIG" https://localhost:8083/connectors/debezium-sql-server/config \ No newline at end of file diff --git a/examples/custom-connect-sql/enable_cdc.sh b/examples/custom-connect-sql/enable_cdc.sh new file mode 100755 index 0000000..6c44d3e --- /dev/null +++ b/examples/custom-connect-sql/enable_cdc.sh @@ -0,0 +1,26 @@ +#!/bin/bash +kubectl config set-context --current --namespace=sandbox +kubectl exec -i sql-server -- \ +tee -a /tmp/person.sql > /dev/null <\" password=\"\";", + "database.history.producer.sasl.mechanism": "PLAIN", + + "database.history.consumer.bootstrap.servers": "kafka.sandbox.svc.cluster.local:9071", + "database.history.consumer.security.protocol": "SSL", + "database.history.consumer.ssl.keystore.location": "/mnt/sslcerts/keystore.jks", + "database.history.consumer.ssl.keystore.password": "mystorepassword", + "database.history.consumer.ssl.truststore.location": "/mnt/sslcerts/truststore.jks", + "database.history.consumer.ssl.truststore.password": "mystorepassword", + "database.history.consumer.sasl.mechanism": "PLAIN", + + "decimal.handling.mode": "double", + "time.precision.mode": "connect", + "database.history.skip.unparseable.ddl": false, + "database.history.store.only.monitored.tables.ddl": false, + "table.include.list": "person.Person", + "table.ignore.builtin": false, + "include.schema.changes": true +} + diff --git a/examples/custom-connect-sql/topic_update.png b/examples/custom-connect-sql/topic_update.png new file mode 100644 index 0000000..d0676f3 Binary files /dev/null and b/examples/custom-connect-sql/topic_update.png differ 
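Review bot: `deploy_connector.sh` passes the whole connector JSON as a `curl -d` argument on the `kubectl exec` command line, so its contents — including the keystore/truststore passwords and any database credentials the JSON carries — show up in the connect container's process list and in any audit trail of exec arguments. Feeding the file on stdin keeps it off argv and drops the `export CONNECTOR_CONFIG` line: `kubectl exec -i connect-0 -c connect -- curl -k -X PUT -H 'Content-Type:application/json' -d @- https://localhost:8083/connectors/debezium-sql-server/config < ./prod-mssql-connector.json`. `-k` is tolerable for the pod-local `https://localhost:8083` call, but a one-line comment, `# -k: the auto-generated cert is not trusted by curl inside the pod; this call never leaves the pod`, would stop it being copied into cluster-external scripts. The connector JSON further down appears to carry literal `mystorepassword` values where the Connect CR already uses `${file:/mnt/sslcerts/jksPassword.txt:jksPassword}`; the connector config can use the same provider reference — confirm the FileConfigProvider is enabled on the worker.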
diff --git a/examples/custom-connect-sql/topics/foobar-topic.yaml b/examples/custom-connect-sql/topics/foobar-topic.yaml
new file mode 100644
index 0000000..40eb720
--- /dev/null
+++ b/examples/custom-connect-sql/topics/foobar-topic.yaml
@@ -0,0 +1,23 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: KafkaTopic
+metadata:
+ name: adventureworks-connect
+spec:
+ replicas: 1
+ partitionCount: 2
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: KafkaTopic
+metadata:
+ name: adventureworks-connect.person.person
+spec:
+ replicas: 1
+ partitionCount: 2
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: KafkaTopic
+metadata:
+ name: adventureworks-connect-history
+spec:
+ replicas: 1
+ partitionCount: 2
diff --git a/examples/custom-connect-sql/topics/kustomization.yaml b/examples/custom-connect-sql/topics/kustomization.yaml
new file mode 100644
index 0000000..c14f854
--- /dev/null
+++ b/examples/custom-connect-sql/topics/kustomization.yaml
@@ -0,0 +1,3 @@
+namespace: sandbox
+resources:
+ - foobar-topic.yaml
\ No newline at end of file
diff --git a/examples/custom-connect-sql/transaction-jdbc.json b/examples/custom-connect-sql/transaction-jdbc.json
new file mode 100644
index 0000000..1353a7e
--- /dev/null
+++ b/examples/custom-connect-sql/transaction-jdbc.json
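Review bot: The second KafkaTopic is named `adventureworks-connect.person.person`, but the README and the Debezium `table.include.list` (`person.Person`) yield `adventureworks-connect.Person.Person`, and Kafka topic names are case-sensitive — Kubernetes forces `metadata.name` to lowercase, so as written this CR pre-creates a topic the connector never writes to and the real one only appears because `auto.create.topics.enable` is switched on in `kafka.yaml`. CFK's `KafkaTopic` exposes a separate `spec.name` for the Kafka-side name in the versions I am aware of; confirm it exists for the operator version used here and set `spec.name: adventureworks-connect.Person.Person` under the lowercase `metadata.name`. `replicas: 1` on what is presumably the Debezium history topic (`adventureworks-connect-history`) is a single point of failure while the Connect worker insists on `replication.factor=3` for its own internal topics; `replicas: 3` would be consistent. A one-line comment above each entry naming which Debezium topic it corresponds to would make the file self-explanatory, and the file name `foobar-topic.yaml` no longer matches its contents.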
@@ -0,0 +1,21 @@
+{
+ "connector.class": "io.confluent.connect.jdbc.JdbcSourceConnector",
+ "connection.url": "jdbc:sqlserver://DB_HOST;databaseName=DB_NAME",
+ "connection.user": "DATABASE_USER",
+ "connection.password": "DATABASE_PASS",
+ "db.timezone": "Asia/Riyadh",
+ "mode": "incrementing",
+ "incrementing.column.name": "TRANS_ID",
+ "query": "SELECT * FROM T_PRT_TRANSACTION_V",
+ "topic.prefix": "transaction",
+
+ "principal.service.name": "CONNECT_USER",
+ "principal.service.password": "CONNECT_PASS",
+
+ "transforms": "createKey,extractInt",
+ "transforms.createKey.type": "org.apache.kafka.connect.transforms.ValueToKey",
+ "transforms.createKey.fields": "JOURNAL_NUMBER",
+ "transforms.extractInt.type": "org.apache.kafka.connect.transforms.ExtractField$Key",
+ "transforms.extractInt.field": "JOURNAL_NUMBER"
+
+ }
diff --git a/examples/custom-connect-sql/update.sql b/examples/custom-connect-sql/update.sql
new file mode 100644
index 0000000..0d84e34
--- /dev/null
+++ b/examples/custom-connect-sql/update.sql
@@ -0,0 +1,6 @@
+use AdventureWorks
+GO
+update person.Person
+set ModifiedDate = GETDATE()
+WHERE 1=1
+GO
diff --git a/examples/custom-connect-sql/update_person.sh b/examples/custom-connect-sql/update_person.sh
new file mode 100755
index 0000000..e9fb72e
--- /dev/null
+++ b/examples/custom-connect-sql/update_person.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+kubectl config set-context --current --namespace=sandbox
+export UPDATE_CONFIG=$(cat ./update.sql)
+kubectl exec sql-server -n sandbox -- /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "nbBg8G4DkR83Xs" -q "$UPDATE_CONFIG" && exit
diff --git a/examples/openshift-basic/confluent/kafka-connect.yaml b/examples/openshift-basic/confluent/kafka-connect.yaml
deleted file mode 100644
index f6df646..0000000
--- a/examples/openshift-basic/confluent/kafka-connect.yaml
+++ /dev/null
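Review bot: `transaction-jdbc.json` carries `connection.password` and `principal.service.password` as literal placeholders (`DATABASE_PASS`, `CONNECT_PASS`) that a user is expected to overwrite in place, which steers real credentials into a tracked file; Connect's config providers keep the value out of the file, e.g. `"connection.password": "${file:/mnt/secrets/jdbc.properties:password}"` with the secret mounted into the worker, and the same applies to `principal.service.password`. Nothing else in this change references the file — the README and `deploy_connector.sh` only use `prod-mssql-connector.json` — so its purpose should be stated in the README (JSON has no comments). `db.timezone: "Asia/Riyadh"` and the `T_PRT_TRANSACTION_V` view name read as leftovers from a specific deployment rather than example values; if that is intended, say so.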
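Review bot: `update_person.sh` hard-codes the `sa` password a second time (`-P "nbBg8G4DkR83Xs"`), duplicating the literal in `adventure-works-sql-server.yaml`, and puts it on the argv of the exec'd `sqlcmd`, where it is visible in the container's process list; running through the pod's shell and reading `$SA_PASSWORD` from the container environment removes the duplicate: `kubectl exec sql-server -n sandbox -- sh -c '/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -Q "$1"' sh "$UPDATE_CONFIG"`. `kubectl config set-context --current --namespace=sandbox` permanently rewrites the caller's kubeconfig as a side effect of a demo script even though the `exec` already passes `-n sandbox`; drop it or say so in the README. `-q` leaves `sqlcmd` interactive after the query and relies on stdin EOF to exit, whereas `-Q` exits after running, which is presumably the intent given the trailing `&& exit`; `set -euo pipefail` at the top would also surface a failed `cat ./update.sql` instead of sending an empty batch.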
@@ -1,16 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - podTemplate: - podSecurityContext: {} - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true - diff --git a/examples/openshift-basic/confluent/ksqldb.yaml b/examples/openshift-basic/confluent/ksqldb.yaml deleted file mode 100644 index 8b222ac..0000000 --- a/examples/openshift-basic/confluent/ksqldb.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - podTemplate: - podSecurityContext: {} - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true diff --git a/examples/openshift-basic/confluent/zookeeper.yaml b/examples/openshift-basic/confluent/zookeeper.yaml deleted file mode 100644 index c2e065e..0000000 --- a/examples/openshift-basic/confluent/zookeeper.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 3 - podTemplate: - podSecurityContext: {} - resources: - requests: - memory: 256Mi - cpu: 100m - limits: - memory: 1Gi - cpu: 500m - tls: - autoGeneratedCerts: true diff --git a/examples/openshift-basic/kustomization.yaml b/examples/openshift-basic/kustomization.yaml deleted file mode 100644 index 7c29aea..0000000 --- a/examples/openshift-basic/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - namespace.yaml - - confluent - - operator diff --git a/examples/openshift-basic/operator/clusterrolebinding.yaml b/examples/openshift-basic/operator/clusterrolebinding.yaml deleted file mode 100644 index 08c3483..0000000 --- a/examples/openshift-basic/operator/clusterrolebinding.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox diff --git a/examples/openshift-basic/topics/foobar-topic.yaml b/examples/openshift-basic/topics/foobar-topic.yaml deleted file mode 100644 index 41d76e8..0000000 --- a/examples/openshift-basic/topics/foobar-topic.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: sandbox - kafkaRest: - authentication: - type: basic - endpoint: https://kafka.sandbox.svc.cluster.local:8090 - configs: - confluent.key.schema.validation: "true" diff --git a/examples/openshift-basic/topics/kustomization.yaml b/examples/openshift-basic/topics/kustomization.yaml deleted file mode 100644 index 45f0bca..0000000 --- a/examples/openshift-basic/topics/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - ../../../kustomize/base/topics -patchesStrategicMerge: - - foobar-topic.yaml \ No newline at end of file diff --git a/examples/rbac/confluent/kustomization.yaml b/examples/rbac/confluent/kustomization.yaml index 94b2f6e..046a112 100644 --- a/examples/rbac/confluent/kustomization.yaml +++ b/examples/rbac/confluent/kustomization.yaml @@ -1,5 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: +- ldap.yaml - ../../../kustomize/base/confluent - ../../../kustomize/base/secrets-tls - ../../../kustomize/base/secrets-user diff --git a/examples/rbac/confluent/ldap.yaml b/examples/rbac/confluent/ldap.yaml new file mode 100644 index 0000000..8110e93 --- /dev/null +++ b/examples/rbac/confluent/ldap.yaml 
@@ -0,0 +1,171 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ldap + labels: + role: ldap + app: ldap +spec: + containers: + - name: ldap + args: + - --copy-service + - --loglevel=debug + image: osixia/openldap:1.3.0 + ports: + - name: ldap + containerPort: 389 + - name: ldaps + containerPort: 636 + livenessProbe: + tcpSocket: + port: 389 + initialDelaySeconds: 15 + periodSeconds: 20 + env: + - name: LDAP_ORGANISATION + value: "Test Inc." + - name: LDAP_DOMAIN + value: "test.com" + - name: LDAP_ADMIN_PASSWORD + value: "confluentrox" + - name: LDAP_CONFIG_PASSWORD + value: "confluentconfigrox" + - name: LDAP_READONLY_USER + value: "True" + - name: LDAP_READONLY_USER_USERNAME + value: "mds" + - name: LDAP_READONLY_USER_PASSWORD + value: "Developer!" + - name: LDAP_TLS + value: "False" + volumeMounts: + - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom + name: customldif + - mountPath: /var/lib/ldap + name: ldap-data + - mountPath: /etc/ldap/slapd.d + name: ldap-config + volumes: + - name: customldif + configMap: + defaultMode: 420 + name: ldap-ldifs + - name: ldap-data + emptyDir: {} + - name: ldap-config + emptyDir: {} + restartPolicy: Always +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ldap-ldifs +data: + 0_groups.ldif: |- + dn: ou=groups,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: groups + 0_users.ldif: |- + dn: ou=users,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: users + 1_emmy.ldif: |- + dn: cn=emmy,ou=users,dc=test,dc=com + userPassword: emmy-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. 
+ cn: emmy + 1_alice.ldif: |- + dn: cn=alice,ou=users,dc=test,dc=com + userPassword: alice-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Alice is great at changing perspectives, but sometimes chases down rabbit holes + cn: alice + 1_developers.ldif: |- + dn: cn=developers,ou=groups,dc=test,dc=com + objectClass: top + objectClass: groupOfNames + description: A group of software developers and the apps they are responsible for + cn: developers + member: cn=emmy,ou=users,dc=test,dc=com + member: cn=alice,ou=users,dc=test,dc=com + 1_kafka.ldif: |- + dn: cn=kafka,ou=users,dc=test,dc=com + userPassword: kafka-secret + description: kafka user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: kafka + 1_erp.ldif: |- + dn: cn=erp,ou=users,dc=test,dc=com + userPassword: erp-secret + description: erp user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: erp + 1_sr.ldif: |- + dn: cn=sr,ou=users,dc=test,dc=com + userPassword: sr-secret + description: schema registry user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: sr + 1_c3.ldif: |- + dn: cn=c3,ou=users,dc=test,dc=com + userPassword: c3-secret + description: control center user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: c3 + 1_ksql.ldif: |- + dn: cn=ksql,ou=users,dc=test,dc=com + userPassword: ksql-secret + description: ksql user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: ksql + 1_connect.ldif: |- + dn: cn=connect,ou=users,dc=test,dc=com + userPassword: connect-secret + description: connect user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: connect + 1_replicator.ldif: |- + dn: cn=replicator,ou=users,dc=test,dc=com + userPassword: replicator-secret + description: replicator user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: replicator + 1_c3-test.ldif: |- + dn: 
cn=testadmin,ou=users,dc=test,dc=com + userPassword: testadmin + description: testadmin user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: testadmin +--- +apiVersion: v1 +kind: Service +metadata: + name: ldap + labels: + app: ldap +spec: + ports: + - port: 389 + name: ldap + - port: 636 + name: ldaps + clusterIP: None + selector: + app: ldap + + + diff --git a/examples/rbac/kustomization.yaml b/examples/rbac/kustomization.yaml index 7e1c9e5..e76303c 100644 --- a/examples/rbac/kustomization.yaml +++ b/examples/rbac/kustomization.yaml @@ -1,9 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - namespace.yaml - - ldap.yaml - confluent - - operator +# - operator - rolebindings - topics diff --git a/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml b/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml index 2ceddc9..caca456 100644 --- a/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml +++ b/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml @@ -25,7 +25,7 @@ spec: name: testadmin clustersScopeByIds: schemaRegistryClusterId: id_schemaregistry_sandbox - role: SystemAdmin + role: ClusterAdmin ## if use other kafkaRestClass except for default, need to configure accordingly #kafkaRestClassRef: # name: default diff --git a/examples/rbac/rolebindings/schemaregistry/kustomization.yaml b/examples/rbac/rolebindings/schemaregistry/kustomization.yaml index c51cfc1..2dd2b46 100644 --- a/examples/rbac/rolebindings/schemaregistry/kustomization.yaml +++ b/examples/rbac/rolebindings/schemaregistry/kustomization.yaml @@ -1,5 +1,6 @@ namespace: sandbox resources: - ../../../../kustomize/base/rolebindings/schemaregistry + - test-user.yaml patchesStrategicMerge: - schemaregistry-base.yaml \ No newline at end of file 
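Review bot: `LDAP_TLS: "False"` leaves this directory listening only in the clear on 389, and the Kafka CRs in this change point MDS at `ldap://ldap.sandbox.svc.cluster.local:389` with `authentication.type: simple`, so every bind — the `mds` read-only account's `Developer!` password and each `userPassword` from the LDIF — crosses the cluster network unencrypted; for a sandbox that may be acceptable, but the example should say so, or set `LDAP_TLS: "True"` (the osixia image can generate a self-signed certificate when TLS is on — confirm for 1.3.0) and point clients at `ldaps://…:636`, which the Service already exposes. The admin, config and read-only passwords are literals in the Pod `env`; a Secret with `secretKeyRef` keeps the same demo values out of `kubectl get pod -o yaml`. `--loglevel=debug` on a directory that receives real binds should be dropped once the example is known to work, and a one-line comment on the `emptyDir` volumes (`# directory data is lost on restart; re-seeded from the ConfigMap LDIFs`) would help readers.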
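Review bot: `# - operator` comments the operator out of the rbac overlay with no explanation, so `kubectl apply -k .` from this directory no longer deploys it; if the operator is now expected to come from another overlay, a comment on that line (`# operator is deployed separately — see the operator/ overlay in the basic example`) would save the next user a failed apply. Moving `ldap.yaml` under `confluent/` is fine, but the README for this example should be checked for references to the old path.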
diff --git a/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml b/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml index 35404d5..300f7a8 100644 --- a/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml +++ b/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml @@ -28,4 +28,5 @@ spec: - name: id_schemaregistry_confluent patternType: LITERAL resourceType: Group - role: ResourceOwner \ No newline at end of file + role: ResourceOwner +--- diff --git a/examples/rbac/rolebindings/schemaregistry/test-user.yaml b/examples/rbac/rolebindings/schemaregistry/test-user.yaml new file mode 100644 index 0000000..3cf7dec --- /dev/null +++ b/examples/rbac/rolebindings/schemaregistry/test-user.yaml @@ -0,0 +1,32 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: brand-new-topic +spec: + kafkaClusterRef: + name: kafka + namespace: sandbox + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client-c3 + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + configs: + confluent.key.schema.validation: "true" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: brand-new-topic +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_sandbox + principal: + name: alice + type: user + resourcePatterns: + - name: value_brand-new-topics + patternType: LITERAL + resourceType: Subject + role: ResourceOwner \ No newline at end of file diff --git a/examples/replicator/README.md b/examples/replicator/README.md index 2b180c4..69eab44 100644 --- a/examples/replicator/README.md +++ b/examples/replicator/README.md 
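Review bot: The rolebinding grants `alice` `ResourceOwner` on subject `value_brand-new-topics` while the topic beside it is `brand-new-topic`; with `confluent.key.schema.validation: "true"` Schema Registry derives subjects from the topic name (`brand-new-topic-key` / `brand-new-topic-value` under the default strategy), so the name looks mismatched, and even if CFK maps a `value_<topic>` form internally the plural `topics` would not match — confirm the subject naming before this becomes the reference example. `ResourceOwner` also lets the test user delegate the subject to others; `DeveloperWrite` (or `DeveloperRead` for a consumer) is the least-privilege role for a test principal. Creating the KafkaTopic with `secretRef: mds-client-c3` reuses Control Center's MDS client credentials for topic administration; a dedicated credential, or at least a comment noting the reuse, keeps the habit from spreading. A `KafkaTopic` inside `rolebindings/schemaregistry/test-user.yaml` is easy to miss — a header comment stating that the file is a paired topic plus subject grant for a test user would help.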
@@ -58,16 +58,19 @@ tools ldap 1/1 Running 1 ```shell ./create_replication_job.sh ``` + +** NOTE: It may take sometime for the replicator-0 pod to become 'healthy' when running on a local minikube. + #### Check the status of the Replicator Connector instance ``` -curl -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k -curl -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k ``` #### To delete the connector: ``` -curl -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k +curl -u testadmin:testadmin -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k ``` ### View in Control Center diff --git a/examples/replicator/destination/kafka.yaml b/examples/replicator/destination/kafka.yaml index 590eba7..290e32c 100644 --- a/examples/replicator/destination/kafka.yaml +++ b/examples/replicator/destination/kafka.yaml @@ -48,7 +48,7 @@ spec: provider: type: ldap ldap: - address: ldap://ldap.tools.svc.cluster.local:389 + address: ldap://ldap.sandbox.svc.cluster.local:389 authentication: type: simple simple: diff --git a/examples/replicator/destination/kustomization.yaml b/examples/replicator/destination/kustomization.yaml index 3a77dc1..9d1da5f 100644 --- a/examples/replicator/destination/kustomization.yaml +++ b/examples/replicator/destination/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: destination resources: - ./namespace.yaml diff --git a/examples/replicator/kustomization.yaml b/examples/replicator/kustomization.yaml index fc8a1e9..c831074 100644 --- a/examples/replicator/kustomization.yaml 
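Review bot: The LDAP provider address in destination/kafka.yaml (and the identical change to source/kafka.yaml on the next line) still uses plain `ldap://` on port 389 with `type: simple` authentication, so the bind password configured below the hunk crosses the cluster network unencrypted; the ldap Service added earlier in this diff also exposes 636/ldaps. For a demo this is probably acceptable, but the address line should say so, e.g. `address: ldap://ldap.sandbox.svc.cluster.local:389  # plaintext LDAP for the demo only; use ldaps://<host>:636 and trust its CA before real use`. Note also that the destination cluster, which lives in namespace `destination`, now depends on a bare Pod in `sandbox`, so the two overlays have to be applied together; the enclosing `provider:` block continues outside the hunk.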
+++ b/examples/replicator/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization resources: - source - destination diff --git a/examples/replicator/operator/kustomization.yaml b/examples/replicator/operator/kustomization.yaml index 339e199..ec102c5 100644 --- a/examples/replicator/operator/kustomization.yaml +++ b/examples/replicator/operator/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - ../../../kustomize/base/operator diff --git a/examples/replicator/source/kafka.yaml b/examples/replicator/source/kafka.yaml index cbb3969..a4a90ae 100644 --- a/examples/replicator/source/kafka.yaml +++ b/examples/replicator/source/kafka.yaml @@ -47,7 +47,7 @@ spec: provider: type: ldap ldap: - address: ldap://ldap.tools.svc.cluster.local:389 + address: ldap://ldap.sandbox.svc.cluster.local:389 authentication: type: simple simple: diff --git a/examples/replicator/source/kustomization.yaml b/examples/replicator/source/kustomization.yaml index cfd1129..1da0e4d 100644 --- a/examples/replicator/source/kustomization.yaml +++ b/examples/replicator/source/kustomization.yaml @@ -1,11 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: -- ./namespace.yaml +- ldap.yaml +- namespace.yaml - ../../../kustomize/base/confluent - ../../../kustomize/base/secrets-tls - ../../../kustomize/base/secrets-user -- ./source-topic.yaml -#- ./rbac-producer-app.yaml +- source-topic.yaml patchesStrategicMerge: - ./rest-class.yaml - zookeeper.yaml diff --git a/examples/rbac/ldap.yaml b/examples/replicator/source/ldap.yaml similarity index 98% rename from examples/rbac/ldap.yaml rename to examples/replicator/source/ldap.yaml index 72025b4..ad64007 100644 --- a/examples/rbac/ldap.yaml +++ b/examples/replicator/source/ldap.yaml 
@@ -2,7 +2,6 @@ apiVersion: v1 kind: Pod metadata: name: ldap - namespace: sandbox labels: role: ldap app: ldap @@ -63,7 +62,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: ldap-ldifs - namespace: tools data: 0_groups.ldif: |- dn: ou=groups,dc=test,dc=com @@ -160,7 +158,6 @@ metadata: name: ldap labels: app: ldap - namespace: tools spec: ports: - port: 389 diff --git a/examples/tls-certificate-rotation/README.md b/examples/tls-certificate-rotation/README.md deleted file mode 100644 index a302fd6..0000000 --- a/examples/tls-certificate-rotation/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# MTLS - -## Description - -* Confluent Operator -* Zookeeper -* Broker - -## How to run - -Simply run: - -``` -$ ./start.sh -``` \ No newline at end of file diff --git a/examples/tls-certificate-rotation/generate_certificate.sh b/examples/tls-certificate-rotation/generate_certificate.sh deleted file mode 100644 index 92b8e6d..0000000 --- a/examples/tls-certificate-rotation/generate_certificate.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create namespace production -kubectl create namespace dev -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl apply -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file diff --git a/examples/tls-certificate-rotation/kustomization.yaml b/examples/tls-certificate-rotation/kustomization.yaml deleted file mode 100644 index 54d0c86..0000000 --- a/examples/tls-certificate-rotation/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -namespace: example -resources: -- namespace.yaml -- ../../kustomize/base diff --git a/examples/tls-certificate-rotation/namespace.yaml b/examples/tls-certificate-rotation/namespace.yaml deleted file mode 100644 index 6b30586..0000000 --- a/examples/tls-certificate-rotation/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: sandbox diff --git a/examples/tls-certificate-rotation/replace_certificate.sh b/examples/tls-certificate-rotation/replace_certificate.sh deleted file mode 100644 index 2736c21..0000000 
--- a/examples/tls-certificate-rotation/replace_certificate.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem diff --git a/examples/tls-certificate-rotation/start.sh b/examples/tls-certificate-rotation/start.sh deleted file mode 100755 index 1976c22..0000000 --- a/examples/tls-certificate-rotation/start.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" -source ${DIR}/../../scripts/utils.sh - -verify_docker_and_memory -verify_installed "minikube" - -minikube start --cpus=4 --memory=8192 - -kubectl apply -k . \ No newline at end of file diff --git a/examples/tls-certificate-rotation/stop.sh b/examples/tls-certificate-rotation/stop.sh deleted file mode 100755 index 1406068..0000000 --- a/examples/tls-certificate-rotation/stop.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -e - -minikube delete \ No newline at end of file 
diff --git a/examples/vault-key-value/kustomization.yaml b/examples/vault-key-value/kustomization.yaml index bba1aa4..83836f8 100644 --- a/examples/vault-key-value/kustomization.yaml +++ b/examples/vault-key-value/kustomization.yaml @@ -4,5 +4,4 @@ resources: - confluent - operator - rolebindings -# - topics - vault \ No newline at end of file diff --git a/examples/vault-key-value/topics/foobar-topic.yaml b/examples/vault-key-value/topics/foobar-topic.yaml deleted file mode 100644 index 3c5d00f..0000000 --- a/examples/vault-key-value/topics/foobar-topic.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: sandbox - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client-c3 - endpoint: https://kafka.sandbox.svc.cluster.local:8090 - configs: - confluent.key.schema.validation: "true" diff --git a/examples/vault-key-value/topics/kustomization.yaml b/examples/vault-key-value/topics/kustomization.yaml deleted file mode 100644 index 45f0bca..0000000 --- a/examples/vault-key-value/topics/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - ../../../kustomize/base/topics -patchesStrategicMerge: - - foobar-topic.yaml \ No newline at end of file diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index cd820e1..3741763 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - zookeeper.yaml -# - kafka.yaml + - kafka.yaml - control-centre.yaml - rest-class.yaml - kafka-connect.yaml diff --git a/kustomize/base/operator/clusterrole.yaml b/kustomize/base/operator/clusterrole.yaml index 675fc52..c9b4d85 100644 --- a/kustomize/base/operator/clusterrole.yaml +++ b/kustomize/base/operator/clusterrole.yaml 
@@ -1,116 +1,119 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-operator + namespace: default rules: - - apiGroups: - - cluster.confluent.com - resources: - - zookeeperclusters - - zookeeperclusters/status - - zookeeperclusters/scale - - zookeeperclusters/finalizers - - kafkaclusters - - kafkaclusters/status - - kafkaclusters/scale - - kafkaclusters/finalizers - verbs: - - '*' - - apiGroups: - - operator.confluent.cloud - resources: - - physicalstatefulclusters - - physicalstatefulclusters/scale - - physicalstatefulclusters/status - - physicalstatefulclusters/finalizers - verbs: - - '*' - - apiGroups: - - platform.confluent.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - configmaps - - events - - persistentvolumeclaims - - secrets - - secrets/finalizers - - pods - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - verbs: - - 
get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get +- apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' +- apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' +- apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get diff --git a/kustomize/base/operator/clusterrolebinding.yaml b/kustomize/base/operator/clusterrolebinding.yaml index 89d9d60..c502054 100644 --- a/kustomize/base/operator/clusterrolebinding.yaml +++ b/kustomize/base/operator/clusterrolebinding.yaml 
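Review bot: Narrowing the operator's ClusterRole to a namespaced `Role` (and the ClusterRoleBinding to a RoleBinding in the clusterrolebinding.yaml hunk below) is a good least-privilege step, but every regenerated manifest now hard-codes `namespace: default` and `app.kubernetes.io/instance: RELEASE-NAME`, i.e. unrendered `helm template` output. The kustomize `namespace:` transformer in the overlays rewrites `metadata.namespace`, but it does not rewrite the `--namespaces=default` container argument in the deployment.yaml hunk, so unless each overlay patches that argument the operator will watch `default` while its Role exists only in the overlay namespace; the replicator example additionally deploys into both `sandbox` and `destination`, which a single namespaced Role cannot cover. A header comment here stating how the base is produced and what overlays must supply, e.g. `# generated by kustomize/helm/update_helm.sh; overlays must set the namespace and patch --namespaces`, would make that contract explicit. The hunk covers the whole file.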
@@ -1,18 +1,22 @@ -kind: ClusterRoleBinding +--- +# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: app: confluent-for-kubernetes app.kubernetes.io/name: confluent-for-kubernetes - app.kubernetes.io/instance: confluent - app.kubernetes.io/managed-by: git - app.kubernetes.io/component: confluent-operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-operator + namespace: default subjects: - kind: ServiceAccount name: confluent-for-kubernetes - namespace: sandbox + namespace: default roleRef: - kind: ClusterRole + kind: Role name: confluent-operator apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/base/operator/deployment.yaml b/kustomize/base/operator/deployment.yaml index e7d9909..03928cc 100644 --- a/kustomize/base/operator/deployment.yaml +++ b/kustomize/base/operator/deployment.yaml @@ -1,23 +1,24 @@ +--- +# Source: confluent-for-kubernetes/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.21 version: 0.174.21 name: confluent-operator + namespace: default spec: - progressDeadlineSeconds: 600 replicas: 1 - revisionHistoryLimit: 10 selector: matchLabels: - app.kubernetes.io/instance: operator - app.kubernetes.io/name: confluent-operator + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: RELEASE-NAME strategy: rollingUpdate: maxSurge: 1 
@@ -26,73 +27,57 @@ spec: template: metadata: annotations: - prometheus.io/path: /metrics + prometheus.io/path: "/metrics" prometheus.io/port: "7778" prometheus.io/scrape: "true" labels: - app: confluent-operator - app.kubernetes.io/instance: operator - app.kubernetes.io/name: confluent-operator + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: RELEASE-NAME confluent-platform: "true" version: 0.174.21 spec: - containers: - - args: - - --debug=false - - --namespaces=sandbox - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NODEIP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: DD_ENTITY_ID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.uid - image: docker.io/confluentinc/confluent-operator:0.174.21 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: confluent-operator - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler securityContext: fsGroup: 1001 runAsNonRoot: true runAsUser: 1001 - serviceAccount: confluent-for-kubernetes + containers: + - args: + - --debug=false + - --namespaces=default + name: confluent-operator + image: docker.io/confluentinc/confluent-operator:0.174.21 + imagePullPolicy: IfNotPresent + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + readinessProbe: + httpGet: + port: 8080 + path: /readyz + livenessProbe: + httpGet: + port: 8080 + path: /healthz + 
resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid serviceAccountName: confluent-for-kubernetes - terminationGracePeriodSeconds: 30 \ No newline at end of file + restartPolicy: Always + terminationGracePeriodSeconds: 30 diff --git a/kustomize/base/operator/licensing.yaml b/kustomize/base/operator/licensing.yaml index 68e4689..c536271 100644 --- a/kustomize/base/operator/licensing.yaml +++ b/kustomize/base/operator/licensing.yaml @@ -1,23 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/licensing.yaml apiVersion: v1 kind: Secret metadata: labels: app: confluent-for-kubernetes app.kubernetes.io/name: confluent-for-kubernetes - app.kubernetes.io/instance: confluent + app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: confluent-operator - namespace: sandbox + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 + namespace: default name: confluent-operator-licensing type: Opaque data: - publicKey.pem: |- - LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FR - OEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0 - QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZ - aUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJp - S3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5 - MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdu - dC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05O - UnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t - + publicKey.pem: 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 
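Review bot: The rewritten container spec keeps the pod-level `runAsNonRoot`/`runAsUser: 1001` but has no container-level securityContext, so `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and capability dropping stay at kubelet defaults. Because this file is regenerated from the chart, the hardening belongs in an overlay patch rather than here, but a comment on the `containers:` line such as `# NOTE: no container securityContext in the chart output; harden (allowPrivilegeEscalation: false, drop ALL) via an overlay patch` would keep the next regeneration from silently discarding it. The probes also lost their explicit `failureThreshold`/`periodSeconds`/`timeoutSeconds`, which now fall back to defaults; that is fine but worth a line in the commit message. The `template:` block starts before the hunk.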
diff --git a/kustomize/base/operator/service.yaml b/kustomize/base/operator/service.yaml index 0ca50c4..430528e 100644 --- a/kustomize/base/operator/service.yaml +++ b/kustomize/base/operator/service.yaml @@ -1,13 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/service.yaml apiVersion: v1 kind: Service metadata: labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - name: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 + name: confluent-operator + namespace: default spec: ports: - name: http-metric @@ -18,4 +22,3 @@ spec: app: "confluent-operator" app.kubernetes.io/name: "confluent-operator" type: ClusterIP - diff --git a/kustomize/base/operator/serviceaccount.yaml b/kustomize/base/operator/serviceaccount.yaml index 28f5498..48d5063 100644 --- a/kustomize/base/operator/serviceaccount.yaml +++ b/kustomize/base/operator/serviceaccount.yaml @@ -1,13 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/serviceaccount.yaml apiVersion: v1 imagePullSecrets: -- name: "confluent-registry" +- name: confluent-registry kind: ServiceAccount metadata: labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-for-kubernetes - + namespace: default 
diff --git a/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml index 6ccc8de..fbd2bbf 100644 --- a/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml +++ b/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -247,3 +249,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_connects.yaml b/kustomize/crds/crds/platform.confluent.io_connects.yaml index 032291e..42c6afb 100644 --- a/kustomize/crds/crds/platform.confluent.io_connects.yaml +++ b/kustomize/crds/crds/platform.confluent.io_connects.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2952,3 +2954,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml index a0cf157..0f18682 100644 --- a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml +++ b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2893,3 +2895,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml index f7e02a1..56f6cf4 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -321,3 +323,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml index 8bdbf81..44f4cce 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -4128,3 +4130,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml index ecafc0f..bd6ba8c 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -265,3 +267,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml index 2b45eba..8a16e2a 100644 --- a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml +++ b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2580,3 +2582,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml index ead0c24..2a50c83 100644 --- a/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml 
+++ b/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -667,3 +669,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml index c6a9dde..f0822c2 100644 --- a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml +++ b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2183,3 +2185,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml index 92d1b74..19b661d 100644 --- a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml +++ b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -1661,3 +1663,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/helm/update_helm.sh b/kustomize/helm/update_helm.sh new file mode 100755 index 0000000..85f625c --- /dev/null +++ b/kustomize/helm/update_helm.sh @@ -0,0 +1,9 @@ +#!/bin/bash +#export CHART_VERSION=0.174.21 +export CHART_VERSION=0.174.13 +helm repo add confluentinc https://packages.confluent.io/helm +helm search repo confluent --versions +helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --output-dir . +mv confluent-for-kubernetes/crds/* ../crds/crds +mv confluent-for-kubernetes/templates/* ../base/operator +rm -R confluent-for-kubernetes \ No newline at end of file 
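Review bot: update_helm.sh exports `CHART_VERSION=0.174.13` (with 0.174.21 commented out), yet every manifest regenerated in this same commit carries `helm.sh/chart: confluent-for-kubernetes-0.174.21`, so the script as committed does not reproduce the checked-in base; one of the two should change, and the active pin deserves a comment saying why that version was chosen. The script also runs without `set -euo pipefail`, so if `helm template` fails the two `mv` lines and the trailing `rm -R` still execute against whatever partial output exists, and it renders without `--namespace` or a release name, which is where the `namespace: default` and `RELEASE-NAME` values in the base come from. I would add `set -euo pipefail` after the shebang and pass `--namespace` and a release name to `helm template` so the base stops depending on overlay rewrites.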
diff --git a/resources/certificates/base-server-domain.json b/resources/certificates/base-server-domain.json index 85cb543..7e669aa 100644 --- a/resources/certificates/base-server-domain.json +++ b/resources/certificates/base-server-domain.json @@ -3,7 +3,12 @@ "hosts": [ "*.sandbox.svc.cluster.local", "*.zookeeper.sandbox.svc.cluster.local", - "*.kafka.sandbox.svc.cluster.local" + "*.kafka.sandbox.svc.cluster.local", + "*.my.domain", + "*.destination.svc.cluster.local", + "*.zookeeper.destination.svc.cluster.local", + "*.kafka.destination.svc.cluster.local", + "*.replicator.destination.svc.cluster.local" ], "key": { "algo": "rsa", diff --git a/resources/certificates/generate_certificate.sh b/resources/certificates/generate_certificate.sh index 61a7fcf..940ec1a 100755 --- a/resources/certificates/generate_certificate.sh +++ b/resources/certificates/generate_certificate.sh @@ -1,9 +1,8 @@ #!/bin/bash -SERVER_DOMAINS=${1-base-server-domain.json} cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - # Verify with this: #openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server $SERVER_DOMAINS | cfssljson -bare sensitive-server +cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server # Verify with this: #openssl x509 -in sensitive-server.pem -text -noout diff --git a/resources/certificates/replace_certificate.sh b/resources/certificates/replace_certificate.sh deleted file mode 100755 index 4095ce6..0000000 --- a/resources/certificates/replace_certificate.sh +++ /dev/null 
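Review bot: The server certificate request now carries wildcard SANs for both the `sandbox` and `destination` namespaces plus `*.my.domain`, so one key pair is valid for every service in both namespaces and any workload that can read the Secret holding it can present itself as any of them. The deleted replicator-server-domiains.json had the same list (its blob id matches the new base), so nothing regresses for the replicator example, but the basic example now also receives the wider certificate because generate_certificate.sh no longer takes a domains-file argument. JSON cannot hold a comment, so a note in the certificates directory or the commit message should state that this is a demo-wide wildcard certificate and that `*.my.domain` is a placeholder to replace.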
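Review bot: Removing `SERVER_DOMAINS=${1-base-server-domain.json}` from generate_certificate.sh takes away the only way to issue a server certificate with a narrower SAN list without editing the script, so every example now gets the replicator-wide wildcard certificate; keeping the parameter with its default costs nothing and preserves the old invocation. I would restore `SERVER_DOMAINS=${1-base-server-domain.json}` on the second line and use `-profile=server "$SERVER_DOMAINS" | cfssljson -bare sensitive-server`, which also quotes the expansion the original left unquoted. The rest of the script is outside the hunk.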
@@ -1,26 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem -rm sensitive-* \ No newline at end of file diff --git a/resources/certificates/replicator-server-domiains.json b/resources/certificates/replicator-server-domiains.json deleted file mode 100644 index 7e669aa..0000000 --- a/resources/certificates/replicator-server-domiains.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "CN": "*.svc.cluster.local", - "hosts": [ - "*.sandbox.svc.cluster.local", - "*.zookeeper.sandbox.svc.cluster.local", - "*.kafka.sandbox.svc.cluster.local", - "*.my.domain", - "*.destination.svc.cluster.local", - "*.zookeeper.destination.svc.cluster.local", - "*.kafka.destination.svc.cluster.local", - "*.replicator.destination.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -}