osodevops · mccullya · Jun 30, 2021 · May 24, 2021
diff --git a/kustom.yaml b/kustom.yaml
diff --git a/kustomization.yaml b/kustomization.yaml
diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml
@@ -41,3 +41,29 @@ spec:
           secretRef: c3-mds-client
       tls:
         enabled: true
+    connect:
+      - name: connect
+        url: https://connect.confluent.svc.cluster.local:8083
+        authentication:
+          type: basic
+          basic:
+            secretRef: c3-mds-client
+        tls:
+          enabled: true
+    ksqldb:
+      - name: ksqldb
+        url: https://ksqldb.confluent.svc.cluster.local:8088
+        authentication:
+          type: basic
+          basic:
+            secretRef: c3-mds-client
+        tls:
+          enabled: true
+    schemaRegistry:
+      url: https://schemaregistry.confluent.svc.cluster.local:8081
+      authentication:
+        type: basic
+        basic:
+         secretRef: c3-mds-client
+      tls:
+        enabled: true
diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml
@@ -59,30 +59,27 @@ spec:
   configOverrides:
     server:
       # the LDAP lookup is set by default to ONE_LEVEL
-      - ldap.user.search.scope=2
-      - ldap.search.mode=GROUPS
-
+#      - ldap.user.search.scope=2
+#      - ldap.search.mode=GROUPS
+      - confluent.schema.registry.url=registry.production.svc.cluster.local:8081
       # Overwrite the default settings on the INTERNAL listener
-      - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER
-      - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required;
-      - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
-      - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem";
-      - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler
-      - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler
-
-      # Overwrite the default settings on the EXTERNAL listener
-      - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER
-      - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required;
-      - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
-      - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem";
-      - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler
-      - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler
-
-      # Overwrite the default settings on the REPLICATION listener
-      - listener.name.replication.sasl.enabled.mechanisms=PLAIN
-      - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}";
-      - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
-
+#      - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER
+#      - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required;
+#      - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+#      - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem";
+#      - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler
+#      - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler
+#      # Overwrite the default settings on the EXTERNAL listener
+#      - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER
+#      - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required;
+#      - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+#      - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem";
+#      - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler
+#      - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler
+#      # Overwrite the default settings on the REPLICATION listener
+#      - listener.name.replication.sasl.enabled.mechanisms=PLAIN
+#      - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}";
+#      - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
     # log4j:
     #  - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG
   dependencies:

diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - secrets
+  - operator
   - confluent
   - rolebindings
   - topics
diff --git a/kustomize/base/operator/crds/kustomization.yaml b/kustomize/base/operator/crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - platform.confluent.io_confluentrolebindings.yaml
+  - platform.confluent.io_connects.yaml
+  - platform.confluent.io_controlcenters.yaml
+  - platform.confluent.io_kafkarestclasses.yaml
+  - platform.confluent.io_kafkas.yaml
+  - platform.confluent.io_kafkatopics.yaml
+  - platform.confluent.io_ksqldbs.yaml
+  - platform.confluent.io_migrationjobs.yaml
+  - platform.confluent.io_schemaregistries.yaml
+  - platform.confluent.io_zookeepers.yaml
diff --git a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml
@@ -0,0 +1,249 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: confluentrolebindings.platform.confluent.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.state
+    name: Status
+    type: string
+  - JSONPath: .status.kafkaClusterId
+    name: KafkaClusterId
+    type: string
+  - JSONPath: .status.principal
+    name: Principal
+    type: string
+  - JSONPath: .status.role
+    name: Role
+    type: string
+  - JSONPath: .status.kafkaRestClass
+    name: KafkaRestClass
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: Age
+    type: date
+  - JSONPath: .status.clusterRegistryName
+    name: ClusterRegistryName
+    priority: 1
+    type: string
+  group: platform.confluent.io
+  names:
+    categories:
+    - all
+    - confluent-platform
+    - confluent
+    kind: ConfluentRolebinding
+    listKind: ConfluentRolebindingList
+    plural: confluentrolebindings
+    shortNames:
+    - cfrb
+    - confluentrolebinding
+    singular: confluentrolebinding
+  preserveUnknownFields: false
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: ConfluentRolebinding is the Schema for the confluentrolebinding
+        API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ConfluentRolebindingSpec defines the desired state of rolebinding
+            for cp component when rbac is enabled
+          properties:
+            clustersScopeByIds:
+              description: ClusterScope defines the scope of clustersId
+              properties:
+                connectClusterId:
+                  minLength: 1
+                  type: string
+                kafkaClusterId:
+                  minLength: 1
+                  type: string
+                ksqlClusterId:
+                  minLength: 1
+                  type: string
+                schemaRegistryClusterId:
+                  minLength: 1
+                  type: string
+              type: object
+            clustersScopeByRegistryName:
+              description: ClusterRegistryName defines the unique cluster name customer
+                registered in cluster registry
+              minLength: 1
+              type: string
+            kafkaRestClassRef:
+              description: KafkaRestClassRef defines the reference for KafkaRestClass
+                which defines Kafka Rest API
+              properties:
+                name:
+                  description: Name defines the name of KafkaRestClass
+                  minLength: 1
+                  type: string
+                namespace:
+                  description: Namespace defines the namespace of the KafkaRestClass
+                  type: string
+              required:
+              - name
+              type: object
+            principal:
+              description: Principal defines the confluent rolebinding principal name
+                and the binding details.
+              properties:
+                name:
+                  description: Name defines the name of the principal(user/group)
+                  minLength: 1
+                  type: string
+                type:
+                  enum:
+                  - user
+                  - group
+                  type: string
+              required:
+              - name
+              - type
+              type: object
+            resourcePatterns:
+              description: ResourcePatterns define the qualified resources associated
+                with this rolebinding
+              items:
+                description: ResourcePattern define the qualified resource info associated
+                  with this rolebinding
+                properties:
+                  name:
+                    description: Name defines the name of resource associated with
+                      this rolebinding
+                    minLength: 1
+                    type: string
+                  patternType:
+                    description: PatternType defines whether the pattern of resource
+                      is PREFIXED or LITERAL, default is LITERAL if not set
+                    enum:
+                    - PREFIXED
+                    - LITERAL
+                    type: string
+                  resourceType:
+                    description: ResourceType defines the type of resource
+                    minLength: 1
+                    type: string
+                required:
+                - name
+                - resourceType
+                type: object
+              type: array
+            role:
+              description: Role defines the name of the Role
+              minLength: 1
+              type: string
+          required:
+          - principal
+          - role
+          type: object
+        status:
+          description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding
+          properties:
+            clusterRegistryName:
+              type: string
+            conditions:
+              items:
+                description: Conditions represents the latest available observations
+                  of a statefulset's current state.
+                properties:
+                  lastProbeTime:
+                    description: LastProbeTime defines a last time the condition is
+                      evaluated.
+                    format: date-time
+                    type: string
+                  lastTransitionTime:
+                    description: LastTransitionTime defines a last time the condition
+                      transitioned from one status to another.
+                    format: date-time
+                    type: string
+                  message:
+                    description: ' Message defines  a human readable message indicating
+                      details about the transition.'
+                    type: string
+                  reason:
+                    description: ' Reason defines reason for the condition''s last
+                      transition.'
+                    type: string
+                  status:
+                    description: Status defines a status of the condition, one of
+                      True, False, Unknown
+                    type: string
+                  type:
+                    description: Type defines type of condition
+                    type: string
+                type: object
+              type: array
+            kafkaClusterId:
+              type: string
+            kafkaRestClass:
+              type: string
+            mdsEndpoint:
+              type: string
+            principal:
+              type: string
+            resourcePatterns:
+              items:
+                description: ResourcePattern define the qualified resource info associated
+                  with this rolebinding
+                properties:
+                  name:
+                    description: Name defines the name of resource associated with
+                      this rolebinding
+                    minLength: 1
+                    type: string
+                  patternType:
+                    description: PatternType defines whether the pattern of resource
+                      is PREFIXED or LITERAL, default is LITERAL if not set
+                    enum:
+                    - PREFIXED
+                    - LITERAL
+                    type: string
+                  resourceType:
+                    description: ResourceType defines the type of resource
+                    minLength: 1
+                    type: string
+                required:
+                - name
+                - resourceType
+                type: object
+              type: array
+            role:
+              type: string
+            state:
+              type: string
+          type: object
+      required:
+      - spec
+      type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []