From 7fc0a1bd958b065b4445930cd53bbcf31b66ee00 Mon Sep 17 00:00:00 2001 From: Sion Smith Date: Tue, 26 Oct 2021 12:52:39 +0100 Subject: [PATCH] added basic cluster liknking example --- examples/cluster-linking/README.md | 5 ++ .../destination/control-centre.yaml | 37 +++++++++ .../controlcenter-testadmin-rolebindings.yaml | 35 ++++++++ .../destination/controlcentre-c3-rb.yaml | 12 +++ .../cluster-linking/destination/kafka.yaml | 81 +++++++++++++++++++ .../destination/kustomization.yaml | 19 +++++ .../destination/namespace.yaml | 4 + .../destination/replicator-rb.yaml | 66 +++++++++++++++ .../destination/replicator.yaml | 67 +++++++++++++++ .../destination/rest-class.yaml | 10 +++ .../destination/schema-registry.yaml | 28 +++++++ .../destination/schemaregistry-base.yaml | 31 +++++++ .../destination/zookeeper.yaml | 11 +++ examples/cluster-linking/kustomization.yaml | 7 ++ .../cluster-linking/operator/deployment.yaml | 12 +++ .../operator/kustomization.yaml | 7 ++ .../producer/kafka-client-config-secure.yaml | 7 ++ .../cluster-linking/producer/kafka.properties | 6 ++ .../producer/kustomization.yaml | 4 + .../producer/rbac-producer-app.yaml | 55 +++++++++++++ examples/cluster-linking/source/kafka.yaml | 36 +++++++++ .../cluster-linking/source/kustomization.yaml | 8 ++ .../cluster-linking/source/namespace.yaml | 4 + .../cluster-linking/source/zookeeper.yaml | 18 +++++ 24 files changed, 570 insertions(+) create mode 100644 examples/cluster-linking/README.md create mode 100644 examples/cluster-linking/destination/control-centre.yaml create mode 100644 examples/cluster-linking/destination/controlcenter-testadmin-rolebindings.yaml create mode 100644 examples/cluster-linking/destination/controlcentre-c3-rb.yaml create mode 100644 examples/cluster-linking/destination/kafka.yaml create mode 100644 examples/cluster-linking/destination/kustomization.yaml create mode 100644 examples/cluster-linking/destination/namespace.yaml create mode 100644 examples/cluster-linking/destination/replicator-rb.yaml create mode 100644 examples/cluster-linking/destination/replicator.yaml create mode 100644 examples/cluster-linking/destination/rest-class.yaml create mode 100644 examples/cluster-linking/destination/schema-registry.yaml create mode 100644 examples/cluster-linking/destination/schemaregistry-base.yaml create mode 100644 examples/cluster-linking/destination/zookeeper.yaml create mode 100644 examples/cluster-linking/kustomization.yaml create mode 100644 examples/cluster-linking/operator/deployment.yaml create mode 100644 examples/cluster-linking/operator/kustomization.yaml create mode 100644 examples/cluster-linking/producer/kafka-client-config-secure.yaml create mode 100644 examples/cluster-linking/producer/kafka.properties create mode 100644 examples/cluster-linking/producer/kustomization.yaml create mode 100644 examples/cluster-linking/producer/rbac-producer-app.yaml create mode 100644 examples/cluster-linking/source/kafka.yaml create mode 100644 examples/cluster-linking/source/kustomization.yaml create mode 100644 examples/cluster-linking/source/namespace.yaml create mode 100644 examples/cluster-linking/source/zookeeper.yaml diff --git a/examples/cluster-linking/README.md b/examples/cluster-linking/README.md new file mode 100644 index 0000000..a50b016 --- /dev/null +++ b/examples/cluster-linking/README.md @@ -0,0 +1,5 @@ +# Replicator + +In this scenario example, you'll deploy two Confluent clusters. One is the source cluster, and one is the destination cluster. You'll deploy Confluent Replicator on the destination cluster, where it will copy topic messages from the source cluster and write to the destination cluster. + +1. diff --git a/examples/cluster-linking/destination/control-centre.yaml b/examples/cluster-linking/destination/control-centre.yaml new file mode 100644 index 0000000..b0f3122 --- /dev/null +++ b/examples/cluster-linking/destination/control-centre.yaml @@ -0,0 +1,37 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + authorization: + type: rbac + tls: + secretRef: tls-group1 + dependencies: + kafka: + bootstrapEndpoint: kafka.destination.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-connect + tls: + enabled: true + mds: + endpoint: https://kafka.destination.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-c3 + tls: + enabled: true + connect: + - name: replicator + url: https://replicator.destination.svc.cluster.local:8083 + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.destination.svc.cluster.local:8081 + tls: + enabled: true \ No newline at end of file diff --git a/examples/cluster-linking/destination/controlcenter-testadmin-rolebindings.yaml b/examples/cluster-linking/destination/controlcenter-testadmin-rolebindings.yaml new file mode 100644 index 0000000..ceb7c77 --- /dev/null +++ b/examples/cluster-linking/destination/controlcenter-testadmin-rolebindings.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb +spec: + principal: + type: user + name: testadmin + role: ClusterAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb-sr +spec: + principal: + type: user + name: testadmin + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_destination + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: testadmin-rb-replicator +spec: + principal: + type: user + name: testadmin + clustersScopeByIds: + connectClusterId: destination.replicator + role: SystemAdmin +--- \ No newline at end of file diff --git a/examples/cluster-linking/destination/controlcentre-c3-rb.yaml b/examples/cluster-linking/destination/controlcentre-c3-rb.yaml new file mode 100644 index 0000000..261520a --- /dev/null +++ b/examples/cluster-linking/destination/controlcentre-c3-rb.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: c3-rb-replicator +spec: + principal: + type: user + name: c3 + clustersScopeByIds: + connectClusterId: destination.replicator + role: SystemAdmin +--- \ No newline at end of file diff --git a/examples/cluster-linking/destination/kafka.yaml b/examples/cluster-linking/destination/kafka.yaml new file mode 100644 index 0000000..290e32c --- /dev/null +++ b/examples/cluster-linking/destination/kafka.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry.destination.svc.cluster.local:8081 + - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + tls: + secretRef: tls-group1 + metricReporter: + enabled: true + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + listeners: + internal: + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + external: + authentication: + type: plain + jaasConfigPassThrough: + secretRef: broker-credential + tls: + enabled: true + authorization: + type: rbac + superUsers: + - User:kafka + services: + mds: + tls: + enabled: true + tokenKeyPair: + secretRef: broker-credential + provider: + type: ldap + ldap: + address: ldap://ldap.sandbox.svc.cluster.local:389 + authentication: + type: simple + simple: + secretRef: broker-credential + tls: + enabled: true + configurations: + groupNameAttribute: cn + groupObjectClass: groupOfNames + groupMemberAttribute: member + groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com + groupSearchBase: ou=groups,dc=test,dc=com + userNameAttribute: cn + userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com + userObjectClass: organizationalRole + userSearchBase: ou=users,dc=test,dc=com + dependencies: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: broker-credential + zookeeper: + endpoint: zookeeper.destination.svc.cluster.local:2182 + authentication: + type: digest + jaasConfig: + secretRef: broker-credential + tls: + enabled: true diff --git a/examples/cluster-linking/destination/kustomization.yaml b/examples/cluster-linking/destination/kustomization.yaml new file mode 100644 index 0000000..9d1da5f --- /dev/null +++ b/examples/cluster-linking/destination/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: destination +resources: +- ./namespace.yaml +- ../../../kustomize/base/confluent +- ../../../kustomize/base/secrets-tls +- ../../../kustomize/base/secrets-user +- ./replicator.yaml +- ./controlcentre-c3-rb.yaml +- ./replicator-rb.yaml +- ./schemaregistry-base.yaml +- ./controlcenter-testadmin-rolebindings.yaml +patchesStrategicMerge: + - ./rest-class.yaml + - zookeeper.yaml + - kafka.yaml + - schema-registry.yaml + - control-centre.yaml \ No newline at end of file diff --git a/examples/cluster-linking/destination/namespace.yaml b/examples/cluster-linking/destination/namespace.yaml new file mode 100644 index 0000000..6295f9c --- /dev/null +++ b/examples/cluster-linking/destination/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: destination \ No newline at end of file diff --git a/examples/cluster-linking/destination/replicator-rb.yaml b/examples/cluster-linking/destination/replicator-rb.yaml new file mode 100644 index 0000000..d043cc2 --- /dev/null +++ b/examples/cluster-linking/destination/replicator-rb.yaml @@ -0,0 +1,66 @@ + +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-rb-cluster-admin +spec: + principal: + type: user + name: connect + role: ClusterAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: replicator-topics + namespace: confluent +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: topic-in-source_replica + patternType: LITERAL + resourceType: Topic + - name: _confluent-license + patternType: LITERAL + resourceType: Topic + - name: _confluent-gcsconnect-secrets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-offsets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-configs + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-status + patternType: LITERAL + resourceType: Topic + - name: _confluent-gcsconnect-status + patternType: LITERAL + resourceType: Topic + - name: _confluent-gcsconnect-offsets + patternType: LITERAL + resourceType: Topic + - name: _confluent-gcsconnect-configs + patternType: LITERAL + resourceType: Topic + - name: confluent.gcsconnect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: gcsconnect-idempotent-write + namespace: confluent +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: kafka-cluster + resourceType: Cluster + role: DeveloperWrite \ No newline at end of file diff --git a/examples/cluster-linking/destination/replicator.yaml b/examples/cluster-linking/destination/replicator.yaml new file mode 100644 index 0000000..df0fb1f --- /dev/null +++ b/examples/cluster-linking/destination/replicator.yaml @@ -0,0 +1,67 @@ +apiVersion: platform.confluent.io/v1beta1 +# Confluent Replicator is built as a connector, and so will use the `Connect` CRD. +kind: Connect +metadata: + name: replicator +spec: + replicas: 1 + # Configure to have TLS encryption, and use auto-generated server certs + tls: + secretRef: tls-group1 + authorization: + type: rbac + image: + # Use the `cp-enterprise-replicator-operator` Docker image, that contains the Replicator jars + application: confluentinc/cp-enterprise-replicator-operator:6.1.1.0 + init: confluentinc/cp-init-container-operator:6.1.1.0 + podTemplate: + resources: + requests: + cpu: 1 + memory: 2Gi + envVars: + # The Confluent Replicator Monitoring Extension allows for detailed metrics from Replicator tasks to be + # collected using an exposed REST API. + # You'll need to update the version string in replicate-test-extension-.jar based on what + # CP version you are using + - name: CLASSPATH + value: /usr/share/java/kafka-connect-replicator/replicator-rest-extension-6.1.1.jar + configOverrides: + # When the Connect distributed cluster hosting Replicator has a REST endpoint with SSL encryption + # enabled, you must configure security properties for the SSL keystore and truststore used by the + # Replicator monitoring extension to communicate with other Connect nodes in the cluster. + # `/mnt/sslcerts/truststore.jks` is the truststore location when auto-genarated certs are used. + jvm: +# - -Djavax.net.debug=all + - -Djavax.net.ssl.trustStore=/mnt/sslcerts/truststore.p12 + - -Djavax.net.ssl.trustStorePassword=mystorepassword + server: + - connector.class=io.confluent.connect.replicator.ReplicatorSourceConnector + # To activate the monitoring extension, configure this property + - rest.extension.classes=io.confluent.connect.replicator.monitoring.ReplicatorMonitoringExtension,io.confluent.connect.security.ConnectSecurityExtension + - admin.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.destination.svc.cluster.local:8090" username="connect" password="connect-secret"; + - consumer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.destination.svc.cluster.local:8090" username="connect" password="connect-secret"; + - producer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.destination.svc.cluster.local:8090" username="connect" password="connect-secret"; + - sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.destination.svc.cluster.local:8090" username="connect" password="connect-secret"; + - confluent.metadata.basic.auth.user.info=connect:connect-secret + dependencies: + kafka: + bootstrapEndpoint: kafka.destination.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-connect + tls: + enabled: true + mds: + endpoint: https://kafka.destination.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-connect + tls: + enabled: true + interceptor: + enabled: true \ No newline at end of file diff --git a/examples/cluster-linking/destination/rest-class.yaml b/examples/cluster-linking/destination/rest-class.yaml new file mode 100644 index 0000000..56ea65d --- /dev/null +++ b/examples/cluster-linking/destination/rest-class.yaml @@ -0,0 +1,10 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: rest-credential \ No newline at end of file diff --git a/examples/cluster-linking/destination/schema-registry.yaml b/examples/cluster-linking/destination/schema-registry.yaml new file mode 100644 index 0000000..8875723 --- /dev/null +++ b/examples/cluster-linking/destination/schema-registry.yaml @@ -0,0 +1,28 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + authorization: + type: rbac + tls: + secretRef: tls-group1 + dependencies: + kafka: + bootstrapEndpoint: kafka.destination.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: mds-client-sr + tls: + enabled: true + mds: + endpoint: https://kafka.destination.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-public + authentication: + type: bearer + bearer: + secretRef: mds-client-sr + tls: + enabled: true \ No newline at end of file diff --git a/examples/cluster-linking/destination/schemaregistry-base.yaml b/examples/cluster-linking/destination/schemaregistry-base.yaml new file mode 100644 index 0000000..14b25be --- /dev/null +++ b/examples/cluster-linking/destination/schemaregistry-base.yaml @@ -0,0 +1,31 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-base +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_destination # id_. + principal: + name: sr + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-mds-client-resources-base +spec: + principal: + name: sr + type: user + resourcePatterns: + - name: _confluent-license + patternType: LITERAL + resourceType: Topic + - name: _schemas_schemaregistry_destination + patternType: LITERAL + resourceType: Topic + - name: id_schemaregistry_destination + patternType: LITERAL + resourceType: Group + role: ResourceOwner \ No newline at end of file diff --git a/examples/cluster-linking/destination/zookeeper.yaml b/examples/cluster-linking/destination/zookeeper.yaml new file mode 100644 index 0000000..73286c2 --- /dev/null +++ b/examples/cluster-linking/destination/zookeeper.yaml @@ -0,0 +1,11 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + authentication: + type: digest + jaasConfig: + secretRef: zk-credential + tls: + secretRef: tls-group1 diff --git a/examples/cluster-linking/kustomization.yaml b/examples/cluster-linking/kustomization.yaml new file mode 100644 index 0000000..5d340c9 --- /dev/null +++ b/examples/cluster-linking/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - source + - operator +# - destination +# - producer \ No newline at end of file diff --git a/examples/cluster-linking/operator/deployment.yaml b/examples/cluster-linking/operator/deployment.yaml new file mode 100644 index 0000000..1e11ffe --- /dev/null +++ b/examples/cluster-linking/operator/deployment.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: confluent-operator +spec: + template: + spec: + containers: + - args: + - --debug=false + - --namespaces=sandbox,destination + name: confluent-operator diff --git a/examples/cluster-linking/operator/kustomization.yaml b/examples/cluster-linking/operator/kustomization.yaml new file mode 100644 index 0000000..ec102c5 --- /dev/null +++ b/examples/cluster-linking/operator/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: +- ../../../kustomize/base/operator +patchesStrategicMerge: + - deployment.yaml \ No newline at end of file diff --git a/examples/cluster-linking/producer/kafka-client-config-secure.yaml b/examples/cluster-linking/producer/kafka-client-config-secure.yaml new file mode 100644 index 0000000..332c11a --- /dev/null +++ b/examples/cluster-linking/producer/kafka-client-config-secure.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kafka.properties: Ym9vdHN0cmFwLnNlcnZlcnM9a2Fma2Euc2FuZGJveC5zdmMuY2x1c3Rlci5sb2NhbDo5MDcxCnNhc2wuamFhcy5jb25maWc9b3JnLmFwYWNoZS5rYWZrYS5jb21tb24uc2VjdXJpdHkucGxhaW4uUGxhaW5Mb2dpbk1vZHVsZSByZXF1aXJlZCB1c2VybmFtZT1rYWZrYSBwYXNzd29yZD1rYWZrYS1zZWNyZXQ7CnNhc2wubWVjaGFuaXNtPVBMQUlOCnNlY3VyaXR5LnByb3RvY29sPVNBU0xfU1NMCnNzbC50cnVzdHN0b3JlLmxvY2F0aW9uPS9tbnQvc3NsY2VydHMvdHJ1c3RzdG9yZS5wMTIKc3NsLnRydXN0c3RvcmUucGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk +kind: Secret +metadata: + creationTimestamp: null + name: kafka-client-config-secure \ No newline at end of file diff --git a/examples/cluster-linking/producer/kafka.properties b/examples/cluster-linking/producer/kafka.properties new file mode 100644 index 0000000..84608fd --- /dev/null +++ b/examples/cluster-linking/producer/kafka.properties @@ -0,0 +1,6 @@ +bootstrap.servers=kafka.sandbox.svc.cluster.local:9071 +sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username=kafka password=kafka-secret; +sasl.mechanism=PLAIN +security.protocol=SASL_SSL +ssl.truststore.location=/mnt/sslcerts/truststore.p12 +ssl.truststore.password=mystorepassword \ No newline at end of file diff --git a/examples/cluster-linking/producer/kustomization.yaml b/examples/cluster-linking/producer/kustomization.yaml new file mode 100644 index 0000000..e5c4548 --- /dev/null +++ b/examples/cluster-linking/producer/kustomization.yaml @@ -0,0 +1,4 @@ +namespace: sandbox +resources: +- ./kafka-client-config-secure.yaml +- ./rbac-producer-app.yaml diff --git a/examples/cluster-linking/producer/rbac-producer-app.yaml b/examples/cluster-linking/producer/rbac-producer-app.yaml new file mode 100644 index 0000000..8bf66bb --- /dev/null +++ b/examples/cluster-linking/producer/rbac-producer-app.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: console-producer + namespace: sandbox +spec: + serviceName: console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: console-producer + template: + metadata: + labels: + app: console-producer + spec: + containers: + - name: console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/shgit + - -c + - | + kafka-producer-perf-test \ + --topic topic-in-source \ + --record-size 1024 \ + --throughput 5 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + - name: kafka-ssl-autogenerated + mountPath: /mnt/sslcerts + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config-secure + - name: kafka-ssl-autogenerated + secret: + secretName: kafka-pkcs12 +--- +apiVersion: v1 +kind: Service +metadata: + name: console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/examples/cluster-linking/source/kafka.yaml b/examples/cluster-linking/source/kafka.yaml new file mode 100644 index 0000000..a0531e2 --- /dev/null +++ b/examples/cluster-linking/source/kafka.yaml @@ -0,0 +1,36 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + replicas: 1 + image: + application: confluentinc/cp-server-operator:6.1.2.0 + init: confluentinc/cp-init-container-operator:6.1.2.0 + dataVolumeCapacity: 10Gi + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 + - confluent.license.topic.replication.factor=1 + - confluent.tier.metadata.replication.factor=1 + - confluent.metadata.topic.replication.factor=1 + - confluent.balancer.topic.replication.factor=1 + - confluent.security.event.logger.exporter.kafka.topic.replicas=1 + - event.logger.exporter.kafka.topic.replicas=1 + - offsets.topic.replication.factor=1 + - confluent.cluster.link.enable=true + - password.encoder.secret=secret + tls: + autoGeneratedCerts: true + listeners: + internal: + tls: + enabled: true + external: + tls: + enabled: true + dependencies: + zookeeper: + endpoint: zookeeper.sandbox.svc.cluster.local:2182 + tls: + enabled: true \ No newline at end of file diff --git a/examples/cluster-linking/source/kustomization.yaml b/examples/cluster-linking/source/kustomization.yaml new file mode 100644 index 0000000..77fb4ea --- /dev/null +++ b/examples/cluster-linking/source/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: + - ../../../kustomize/base/secrets-tls + - namespace.yaml + - zookeeper.yaml + - kafka.yaml \ No newline at end of file diff --git a/examples/cluster-linking/source/namespace.yaml b/examples/cluster-linking/source/namespace.yaml new file mode 100644 index 0000000..6b30586 --- /dev/null +++ b/examples/cluster-linking/source/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: sandbox diff --git a/examples/cluster-linking/source/zookeeper.yaml b/examples/cluster-linking/source/zookeeper.yaml new file mode 100644 index 0000000..158ea6c --- /dev/null +++ b/examples/cluster-linking/source/zookeeper.yaml @@ -0,0 +1,18 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + replicas: 1 + image: + application: confluentinc/cp-zookeeper-operator:6.1.2.0 + init: confluentinc/cp-init-container-operator:6.1.2.0 + dataVolumeCapacity: 10Gi + logVolumeCapacity: 10Gi + podTemplate: + resources: + requests: + cpu: 100m + memory: 256Mi + tls: + autoGeneratedCerts: true \ No newline at end of file