Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
author Dale Lane <Dale.Lane@uk.ibm.com> 1574169185 +0000
committer Samuel Hawker <samuel.hawker@ibm.com> 1651571459 +0100
chore: squash commits for ES releases up to 10.4.0
* Contributes to mhub/qp-planning#7089
* chore: squash commits for 10.0.0 ES release
* Contributes to: mhub/qp-planning#6997
* feat: Support for UBI-minimal as a base layer for Strimzi images (#4)
* This adds UBI support as an optional base-layer when building the
* Strimzi Kafka and cluster-operator Docker images.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: update stunnel version (#6)
* The previous stunnel version (5.55) has been updated and removed from
* Stunnel's archive, so we need to update it to 5.56 in order to properly
* build the Strimzi images.
* Contributes to: mhub/qp-planning#4417
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* feat: Build custom kafka binary image (#7) (#8)
* Contributes to: mhub/qp-planning#4366
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: add script to update fork (#10)
* This script will be called by Jenkins in order to update the forked
* repo.
* Contributes to: mhub/qp-planning#4366
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* feat: build custom Kafka (#12)
* Contributes to: mhub/qp-planning#4366
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* chore: pull stunnel from Artifactory (#13)
* Contributes to: mhub/qp-planning#4416
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* feat: move Strimzi artifact to Artifactory (#14)
* Contributes to: mhub/qp-planning#4366
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* fix: Add tini to ES UBI images (#15)
* Add backup file and cleanup function to prevent
* eventstreams-kafka-versions.yaml from being deleted
* Contributes to: mhub/qp-planning#4447
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* feat: Fix stunnel copy (#16)
* Contributes to: mhub/qp-planning#4511
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: stunnel fix (#18)
* Contributes to: mhub/qp-planning#4511
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Add stunnel to bin (#19)
* Contributes to: mhub/qp-planning#4511
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Change mode (#20)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: eventstreams strimzi deploy (#21)
* Contributes to: mhub/qp-planning#5411
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: Update kafka-vnext image tag (#22)
* Update strimzi-kafka-operator local build script to pull in the tarball
* containing the latest build of the interceptor framework and producer
* interceptor.
* Contributes to: mhub/qp-planning#4475
* Signed-off-by: Tom Aley <thomas.aley@ibm.com>
* chore: add imagePullSecret to ES Operator (#23)
* Installing the Strimzi Operator is currently failing since there is no
* imagePullSecret set to pull the images for the ES Operator.
* Contributes to: mhub/qp-planning#4540
* Contributes to: mhub/qp-planning#4469
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* test: check checksum (#24)
* Test new kafka image
* Signed-off-by: Julian Goh <julian.goh@uk.ibm.com>
* fix: position ips in correct place (#25)
* Contributes to: mhub/qp-planning#4540
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* chore: upgrade operator kafka image to 2.4.0 with interceptor (#28)
* Contributes to: mhub/qp-planning#4639
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* chore: Update to Kafka 2.4.0 (part 2) (#29)
* Finishes the work for updating to the new Kafka image with
* the interceptors support.
* Contributes to: mhub/qp-planning#4636
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: build ubi images on openjdk (#27)
* make is already installed as a dependency of openssl so shouldn't be
* re-installed and then deleted as a build dep for stunnel
* Contributes to: mhub/qp-planning#4550
* Signed-off-by: Dave Lane <davilane@uk.ibm.com>
* fix: local build, new image tag env var
* ensure docker build args have default values
* use correct image tag
* Contributes to: mhub/qp-planning#4550
* Signed-off-by: Dave Lane <davilane@uk.ibm.com>
* chore: Update Kafka/ZooKeeper image tags
* I've also removed the STRIMZI_DEFAULT_ZOOKEEPER_IMAGE environment
* variable as it hasn't been used in Strimzi for a while now and
* has no impact.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: rename image pull secret (#35)
* regcred to ibm-entitlement-key
* Contributes to: mhub/qp-planning#4640
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* chore: Update image tags
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: add UBI version of JMX Dockerfile (#37)
* We need a UBI version of the Dockerfile user for the JMX trans.
* Contributes to: mhub/qp-planning#4739
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* chore: Update image tags
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Update version of ZooKeeper to match upstream (#38)
* This updates us to ZooKeeper 3.5.6 which brings us in-line with the
* upstream Strimzi project.
* Closes: mhub/qp-planning#4743
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* Eventstreams domain delta and resource group (#39)
* Labels and annotations
* Contributes to: mhub/qp-planning#4618
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* Combined eventstreams operator (#41)
* This commit ports the code from mhub/qp-eventstreams-operator
* into its own submodule in the strimzi project fork
* Contributes to: mhub/qp-planning#4618
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Fix tests (#42)
* Contributes to: mhub/qp-planning#4618
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Move install folder
* Contributes to: mhub/qp-planning#4618
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Try this (#47)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Remove deprecated future() calls (#44)
* Contributes to: mhub/qp-planning#4554
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* feat: Fixes to install and examples (#45)
* Contributes to: mhub/qp-planning#4554
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Uniquely name kube resources (#48)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: es makefile for rapid development
* this commit adds and es makefile to allow for rapid
* development.
* once changes have been made to the eventstreams cluster
* operator, running `make eventstreams_operator_build` will
* rapidly build the jar and docker image for the operator
* Contributes to: mhub/qp-planning#4616
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: Build init container (#46)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: fix dep analyze and re-enable on build (#53)
* * fix: fix dep analyze and re-enable on build
* * fix: remove unnecessary dependencies
* Contributes to: mhub/qp-planning#4616
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: Add eventstreams checkstyle files (#54)
* Contributes to mhub/qp-planning#4616
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* fix: update snapshot to latest version (#55)
* Contributes to: mhub/qp-planning#4616
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: Update integration test install location (#56)
* Contributes to mhub/qp-planning#4616
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* fix: fix dependencies in pom (#57)
* also delete unwanted file
* Contributes to: mhub/qp-planning#4616
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: correct role name (#59)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Add failure handling to chain promise (#60)
* Add failure handling to chain promise and
* correctly fail async unit tests.
* Contributes to mhub/qp-planning#4795
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* feat: Update Documentation (#51)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: Fix bad merge
* Import statement was lost when resolving merge conflicts.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Run eventstreams_java_build in travis
* Run eventstreams_java_build in travis and cleanup docker meta.
* Contributes to mhub/qp-planning#4795
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* feat: add run as listener to broker config (#50)
* This commit adds the RunAs listener to the Strimzi Broker
* configuration. This is not a configurable listener and will
* always be configured in the brokers.
* * feat: Add new kafka vnext image tag to operator
* This commit updates the kafka image in the strimzi fork.
* This issue also contains the RunAs kafka implementations.
* * feat: Remove old version file from commit
* This commit removes the eventstreams-kafka-version.yaml
* as this existed when the PR first was submitted, but
* isn't required anymore.
* Contributes to: mhub/qp-planning#4687
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* fix: README and revert install changes on build (#63)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Fix api project tests (#62)
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Fix builds (#65)
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Add AdminAPI security config (#61)
* This commit updates the AdminAPI pod
* configuration with the new RunAs properties.
* This commit fixes a couple of issues and also
* adds the new kafka and operator image tags to the
* deployment yaml.
* It also introduces a secured eventstreams yaml that
* people can use to run a secured eventstreams.
* Contributes to: mhub/qp-planning#4684
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* feat: Remove namespace scoping from webhooks (#66)
* The motivation for this is to remove the need to add labels to
* namespaces, as we're not removing these when an operator is
* uninstalled.
* This will mean that every webhook will invoke every operator, but
* I think this is relatively low-cost, so it's an acceptable impact.
* Closes: mhub/qp-planning#4829
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Updating Redis version to 5.0.7 (#67)
* The objective of this change is to update the redis version to 5.0.7
* so that we receive all the latest fixes, as we are currently using redis 4.0.10.
* Contributes to: mhub/qp-planning#4784
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* feat: enable schema registry to read in accessMode (#71)
* Those changes enable the setting of the accessMode
* through the CR, and the defaults behave the same
* as current eventstreams.
* Contributes to: mhub/qp-planning#4587
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* feat: Adding support for autoUpgradeVersions to our CR status (#70)
* To improve the experience of our users, we are introducing
* loose versioning for non-exact version strings.
* Contributes to: mhub/qp-planning#4760
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* feat: Port OLM to Strimzi combined operator (#64)
* fix: Update list of resources in our CSV
* The resources section of the CSV has been updated with the list of actual resources.
* Since the empty name fields were not documenting anything, they have been removed.
* Furthermore, new resources have been added to accurately reflect the complete list of actual resources that make up an instance of ES.
* Update init container to run as nonroot
* It was running as root which is not allowed on
* openshift-operators namespace
* Commit changed crd
* Contributes to: mhub/qp-planning#4756
* Contributes to: mhub/qp-planning#4777
* Signed-off-by: Damian Harateh damian.harateh@ibm.com
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Eventstreams cluster admin role (#73)
* Contributes to: mhub/qp-planning#4744
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: remove ibm-es (#76)
* Make the name of the Kafka and the EventStreams instance
* the same, to improve user experience.
* Contributes to: mhub/qp-planning#4844
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Use correct clusterrole for es nodeports (#74)
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Adding necessary compands to the script to fix failing Jenkins (#79)
* Closes: mhub/qp-planning#4853
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* fix: Update image tag for admin proxy (#78)
* Contributes to: mhub/qp-planning#4856
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* feat: helm charts and install folder generation (#80)
* this commit creates a set of helm charts and a makefile which
* when run merges the strimzi charts and the eventstreams charts
* to produce a set of helm charts that can be used to install
* eventstreams. these charts are then used to generate the install folder.
* Contributes to: mhub/qp-planning#4616
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* refactor: remove openssl - now included in qp-base (#83)
* Contributes to: mhub/qp-planning#4858
* Signed-off-by: Dave Lane <davilane@uk.ibm.com>
* feat: Fix Kafka secrets naming (#81)
* Fix Kafka secrets to always reference correct instance name
* Contributes to: mhub/qp-planning#4844
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Add Security to KafkaConnect to broker (#69)
* Three kafka users made, 1 for source side, 2 for destination
* side. These are only created if
* a)No oauth client auth set (which will error)
* b)If client auth set (which will not error, but instead run
* unsecured)
* The source side user creation is dependent on the security level
* at the external listener level, whereas the dest side
* is dependent on the internal listener security.
* If tls is enabled (client auth or just server side cert
* presented) then connect connects on the 9093 internal
* service, otherwise it connects on 9092.
* Contributes to: mhub/qp-planning#4432
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* fix: Update service account to allow init container to run (#85)
* The init container needs permission to manage validatingwebhookconfigurations
* so this updates the service accounts to make this available.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Switch to using latest tag
* Contributes to mhub/qp-planning#4870
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* fix: Update bootstrap env vars for rest (#89)
* Update Kafka bootstrap env vars to match
* the new name now the ibm-es has been
* dropped.
* Contributes to mhub/qp-planning#4872
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* feat: Validating webhook for KafkaUser cluster labels (#86)
* This commit adds a webhook for KafkaUser entities to reject any
* that are missing the label that identifies the Kafka cluster they
* are for.
* Although we're not encouraging the use of the topic operator, I
* also added the same webhook for KafkaTopic entities as it wasn't
* much extra code.
* The two webhooks are using different URLs as it was the simplest
* way to know which class to use to deserialize the request payload
* without having to peek at the body. Functionally the two hook URLs
* are otherwise identical.
* I also left in a logger for uncaught exceptions that I found
* helpful while debugging my tests, as they're currently swallowed.
* Closes: mhub/qp-planning#4843
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: add checks in travis for generated files (#87)
* * feat: add checks in travis for generated files
* * fix: changes for yq version 3.1.1
* Contributes to: mhub/qp-planning#4867
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: don't hard-code java image tag in init (#93)
* Contributes to: mhub/qp-planning#4858
* Signed-off-by: Dave Lane <davilane@uk.ibm.com>
* fix: Fix NPE when only external security set (#94)
* Contributes to: mhub/qp-planning#4876
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* feat: Start using Strimzi Name Label (#84)
* Contributes to: mhub/qp-planning#4758
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Cleaning up OLM bundle info (#97)
* * Removed a placeholder
* * Added IBM Event Streams official email
* Since these are public/external values that are shown to customers in the OpenShift web UI, it needed cleaning up.
* Contributes to: mhub/qp-planning#4845
* Signed-off-by: Damian Harateh damian.harateh@ibm.com
* feat: Fix Runas Listener network policy definition (#99)
* This commit fixes the runas network policy definition
* which was failing because we called it after the
* network policy had been defined.
* Contributes to: mhub/qp-planning#4879
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* fix: Remove anti-pattern of metadata (#102)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Update docs for OLM (#104)
* Contributes to: mhub/qp-planning#0
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Address review comments for NPE fix
* Address review comments for NPE fix
* Ensure the kafka user auth is set properly
* Contributes to: mhub/qp-planning#4876
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* feat: Move linter from eventstreams-operator
* Contributes to: mhub/qp-planning#4796
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Allow topic operator to be disabled (#91)
* * fix: Allow topic operator to be disabled
* This commit updates our Kafka model so that it checks for the
* presence of a topic operator object in the requested spec
* before adding a topic operator container to the entity
* operator pod.
* I've updated the test that checked for resource limits, and
* manually verified both with and without topic operators to
* make sure it behaves as expected.
* I haven't done this for the user operator as we require this
* for the security between Event Streams components. This means
* that the user operator container is always deployed,
* regardless of what is requested.
* As we're not advocating the use of the topic operator, I've
* also removed it from our example yaml files, however this
* won't stop a user from adding it to their strimziOverrides
* if they want it.
* Closes: mhub/qp-planning#4664
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Move KafkaUser creation, use correct labels + tests (#103)
* fix: labels for KafkaUsers
* Add context to why one would call the
* getComponentLabelsWithoutResourceGroup
* method due to Strimzi requiring them to not be present
* Move createKafkaUser to the AbstractModel to standardize the
* calls
* Rework replicator user model to simplify based on the above
* move.
* Sort out lables
* Add in a tests for labels and also to check that all kafkas and kafkausers
* are created in ESOperatorTest
* Contributes to: mhub/qp-planning#4758
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Move to using MM2 instead of connect
* Set group.id to be (relatively) unique, set acl to access this
* group. Also set the connect cluster name to be unique.
* config needs to be set at top level not at cluster spec level
* (includes updates to unit tests)
* Change user names to match what onCLoud use
* Make a generic method for querying the replicator name
* Contributes to: mhub/qp-planning#4873
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* feat: review the CR spec
* this commit adds in the validation of required fields in the spec
* It also reverts the yq to a version that doesnt break the build pipeline
* Contributes to: mhub/qp-planning#4629
* Contributes to: mhub/qp-planning#4907
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: Allow to run with default restricted scc (#96)
* Remove hard-code user Id to allow to run with any
* default user.
* Update the frontend-rest image tag to allow to run with
* any default user.
* Use the image build from a new branch of the
* expose-tls-and-nontls-ports branch with the fix.
* Contributes to: mhub/qp-planning#4753
* Signed-off-by: Erik Hu <erik.yu.shing.hu@ibm.com>
* feat: Update status spec to match CP4I conventions (#109)
* This commit updates the shape of our status object to match the
* latest requirements from CP4I.
* There are two main changes:
* 1) The shape of the versions info has changed, and the names
* have changed from available/autoupgrade to strict/loose.
* 2) A new object "endpoints" is added, which allows the platform
* navigator to discover API and UI links to Event Streams in a
* standard way.
* Closes: mhub/qp-planning#4916
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Configure the RunAs port in the Adminapi
* This commit configures the kafka-bootstrap-servers
* env var to be the kafka runas port.
* This commit updates the image tag of the rest admin
* pod to pick up the runas changes.
* Contributes to: mhub/qp-planning#4684
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* feat: set kafka bootstrap in admin api
* This change sets the internal plain, internal tls and external kafka
* bootstrap information in the admin api container. To do this, it
* passes the internal plain, internal tls and external kafka bootstrap
* urls to admin api as environment variables, and volume mounts
* the kafka config map in the admin api pod
* Contributes to: mhub/qp-planning#4875
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* fix: Update replicator model and spec for updated MM2 operator
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* docs: Add descriptions to CRD
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Correct README install command (#111)
* Contributes to mhub/qp-planning#0
* Signed-off-by: Katherine Stanley <katheris@uk.ibm.com>
* chore: Plugging in admin-api component (#112)
* - pointing UI to admin-api component
* - add missing env vars for admin-api and UI
* - update network policy for UI
* - add tests
* Contributes to: mhub/qp-planning#4821
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* chore: Update generated files
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Initial implementation of mounting certificate + env var (#116)
* Created a new volume and new volume mount for the client ca
* certificate as this will need to be used to enable mutual auth
* on admin-rest.
* Contributes to: mhub/qp-planning#4960
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat switch to new rest producer (#117)
* Change rest producer model to deploy the new
* rest producer
* Contributes to: mhub/qp-eventstreams-operator#4763
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* feat: Add unit tests for mm2 security (#114)
* Also reworks the replicator spec slightly so we are no
* longer doubling up on any properties (eg the bootstrap
* and connect name). Extending the MM2Spec didn't work
* as the fluent builders objected to there being a
* MM2 overrides object in the class, and simply extending
* the class didn't make any of the parent spec object's
* fields available.
* Now the code matches how we do it for the KafkaSpec.
* Also needed to do some rearranging to fit in with the
* merge to the latest strimzi
* Contributes to: mhub/qp-planning#4432
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* feat: routes refactor (#115)
* We need to be able to delete routes if they're not set. The current
* system by which routes are generated means their names are
* unpredictable
* By pre-seeding the map with the expected route keys and null values
* the deletion logic can determine which routes are not present and
* should be deleted. This comes with the caveat that custom listeners
* must be manually deleted by a user or deleted by owner reference on
* cluster deletion.
* Contributes to: mhub/qp-planning#4629
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: Removing frontend-rest (#119)
* Removing frontend-rest container from admin-api pod.
* admin-api pod now has only the new admin-api (eventstreams-admin)
* Contributes to: mhub/qp-planning#4834
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* feat: Structural schema (#120)
* One of the requirements of structural schemas is that all objects
* have a type. This commit makes our CRDs compliant with this by
* adding a type that was missing at the top level.
* This is something that the upstream Strimzi project are explicitly
* and intentionally omitting because they need to support Kubernetes
* 1.11 (OpenShift 3.11) which does not support this.
* We'll keep this change in our fork only until they drop support
* for OpenShift 3.11, at which point the change can be made in both
* places. This is something that is already in plan for Strimzi.
* Contributes to: mhub/qp-planning#4805
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* refactor: remove redundant route from admin api (#121)
* now that the old rest container has been removed
* the route and service that were pointing to it
* can be removed. Additionally the port numbers
* for the external-tls and external-plain listeners
* can be changed to the proper values
* Contributes to: mhub/qp-eventstreams-operator#4763
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* feat: Add volume mounts for replicator plus tidy up (#118)
* Add volume mounts for 3 replicator kafka user secrets
* Add unit tests for these and existing volume mounts
* Add envs so that replicator Admin api code knows what
* level of kafka security it is dealing with
* Rename Destination to Target in replicator code to
* match what onlcoud use for their terminology (also
* matche mm2 terminology)
* Contributes to: mhub/qp-planning#4432
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* feat: Enable georeplication in admin-api and admin-ui deployments (#123)
* - This commit enables geo-replication via the GEOREPLICATION_ENABLED
* env vars on admin-api and admin-ui.
* - It updates the admin-api image to avoid the KafkaAdminClient
* OOM errors seen in earlier versions.
* - It also adds a missing serviceSelector label on the replicator
* deployment which is checked by admin-api to ensure that the cluster
* that is being connected to is able to do geo-replication.
* Contributes to: mhub/qp-planning#4486
* Signed-off-by: Andrew Borley <borley@uk.ibm.com>
* feat: Reconcile components for deletion (#124)
* Contributes to: mhub/qp-planning#4629
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Removing admin proxy (#125)
* Removing admin proxy component from models, tests,
* spec and relevant crd's.
* Contributes to: mhub/qp-planning#4834
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* fix: Webhook failed due to missing secret volume (#128)
* Webhook validation failed due to missing secret files
* on the HTTPServer during startup
* Contributes to: mhub/qp-planning#4944
* Signed-off-by: Erik Hu <erik.yu.shing.hu@ibm.com>
* chore: Updates for upstream Strimzi
* - Update version of yq to match the version used in upstream
* - Fix checkstyle defect introduced in ExamplesTest during rebase
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Update generated files
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: OSDK Scorecard (#131)
* * feat: OSDK Scorecard
* This commit adds the ability to run the OSDK Scorecard locally in order
* to get insights regarding the mandatory tests we are passing or failing.
* Also, updates Travis to use yq v3.2.1.
* The eventstreams_build stage has also been run in order to pick up the
* changes introduced by the Strimzi yq upgrade.
* Contributes to: mhub/qp-planning#4773
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* fix: admin api logging level (#134)
* Sets the TRACE_SPEC env var to the first value in the admin api
* logging section instead of a comma separated list
* Fixed unit test accordingly
* Contributes to: mhub/qp-planning#4987
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* chore: remove CRDs fodler from recipe (#136)
* We need to run an extra step to remove the CRDs folder while running the
* scorecard otherwise the step is failing.
* Contributes to: mhub/qp-planning#4773
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* feat: Add component create/delete tests for resources (#135)
* Contributes to: mhub/qp-planning#4692
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: removing build_csv recipe from scorecard (#138)
* We are having problems to run the operator_courier in a Docker container
* due to some dependencies of Python3 that make it difficult to convert
* ASCII to UTF8 (the relevant issue has been raised against their repo).
* Since running the build_csv recipe before build_scorecard has been added
* only for sanity purposes in order to always have a fresh OLM bundle, it
* can be removed for now until the issue is answer from the maintainers.
* Contributes to: mhub/qp-planning#4773
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* chore: recreate crds folder for Scorecard (#139)
* There was a bug in the previous logic since the recipe couldn't be
* executed since the crds file could not be created.
* Contributes to: mhub/qp-planning#4773
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* * fix: Refactor kafkausers to use reconcile (#137)
* Replicator kafkausers should be created under
* the correct conditions also
* Contributes to: mhub/qp-planning#4692
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* chore: Update generated files (#140)
* Updates to the Java model classes pulled in from upstream Strimzi
* need reflecting in the CRD files that we generate.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Edit CR Tiles (#141)
* Remove CR tiles from upstream Strimzi we don't want to display in
* Event Streams.
* Improve descriptions of remaining CR tiles.
* Contributes to: mhub/qp-planning#4997
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* chore: retrieve scorecard output on Jenkins (#144)
* It seems that some of the instructions from the operator-sdk repo can be
* ingored in order to properly run the scorecard. This commit removes the
* volume and volumeMount update of the ES deployment since it "confuses"
* the scorecard for some reason.
* Contributes to: mhub/qp-planning#4773
* Signed-off-by: Stelios Gkiokas <Stylianos.Gkiokas@ibm.com>
* chore: remove Architecture fromt the spec (#146)
* remove Architecture from the eventstreams spec and all references to
* it in the code
* Contributes to: mhub/qp-planning#5026
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: yq version check (#148)
* Contributes to: mhub/qp-planning#5029
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* chore: code cleanup and documenting (#143)
* This commit does some code cleanup. it puts all the default resource requirements in a central file it removes the unnecessary egress rules from the network policy and it adds a javadoc comment to most methods for an improvement in readability.
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: New example Event Streams CR templates (#142)
* This commit replaces the previous examples with a new core set.
* One is a simple minimal CR called "quickstart", which is the name
* that the rest of CP4I is using for their demo/PoC CR templates.
* It is a single Kafka broker, single ZK node cluster, with no
* auth enabled and no geo-replicator. The Kafka cluster config is
* modified to reduce the footprint requirements.
* The remaining examples are production cluster specifications, for
* a three, five and nine broker cluster. The configuration is based
* on the setup described in the performance report for the previous
* release of Event Streams.
* I've tried to reduce the amount of detail needed in the CR, such
* as removing some of the attributes we've had in examples that
* already matched the default values.
* I've modified the spec to remove the requirement to specify the
* number of replicas for geo-rep pods, to make the minimum CR yaml
* smaller.
* I've also fixed the order of attributes in the Event Streams spec
* which had gotten out of date with the actual attributes.
* I've left "architecture" at the top as it'll be the next thing
* that we remove.
* Contributes to: mhub/qp-planning#4622
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Add missing replicator deployment label (#149)
* - This commit re-adds a serviceSelector label for the replicator
* deployment which was accidentally removed in a refactoring PR.
* Contributes to: mhub/qp-planning#4486
* Signed-off-by: Andrew Borley <borley@uk.ibm.com>
* feat: CP4I Header as a Service (#147)
* Create a Cp4iServicesBinding and wait for it as part of our
* reconcile loop to check for an instance to retrieve the header
* URL to be added to our UI.
* Added additional mocking to fix tests and a non-static wrapper
* for a static method to allow mocking to be done on it
* Create Cluster Role for Cp4iServicesBinding
* Add method to check presence of a Crd.
* Add checks to prevent failure if Cp4iServicesBinding Crd
* is not present
* Create ClusterRole for crds with list permission
* Added tests to check the behaviour of the Cp4iServicesBinding
* adding the Header URL to the Admin UI envars
* Contributes to: mhub/qp-planning#4751
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* feat: Add app.kubernetes.io/part-of label to ES components (#151)
* This commit adds app.kubernetes.io/part-of to the standard labels that
* Strimzi operators add. It's set to match what we're currently using
* for app.kubernetes.io/instance and is set in the same way.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Introduce Endpoints into CRD (#145)
* Create new endpoints spec in the CRD. This is an initial commit
* as part of developing the security model for defining listeners,
* but there aren't any parts of the CR using this new model yet.
* Contributes to: mhub/qp-planning#4990
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* fix: generated files mistake (#152)
* also delete a file accidentally checked in
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: remove missed arch reference from csv (#154)
* remove missed arch reference from csv
* also add in pull policy of always to make sure we quickly catch
* and breaks.
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: add ES_CACERT env var to admin api (#159)
* * fix: add ES_CACERT env var to admin api
* This env var was removed when rest was removed, however it is
* needed by admin-api to retrieve the PEM certificate so has been
* re-added
* Contributes to: mhub/qp-planning#5037
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* fix: Use correct encryption value (#161)
* Use encryption value from the CR for admin-api and schema registry
* urls since the UI encryption value is set to TLS.
* Contributes to: mhub/qp-planning#4821
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* feat: tag and push init image (#132)
* Contributes to: mhub/qp-planning#5009
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* License accept webhook (#162)
* this commit adds a top level `licenseAccept` field into the spec.
* It adds a webhook to do validation that the field has been set to true
* Contributes to: mhub/qp-planning#4621
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: Modifying the tests to correctly handle failed assertions (#164)
* Previously, many of the unit tests in the ES operator
* did not handle the failed assertions correctly.
* This has been addressed by correctly catching the assertion errors
* and failing the context where necessary
* to prevent the TimeOut Exception Error, which would occur when an assertion would fail
* but because the context was not failing, the test would continue
* and then throw a timeout error.
* Contributes to: mhub/qp-planning#4795
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* fix: Adding an example of improved way of structuring tests (#165)
* In order to ensure that future tests handle assertions correctly,
* I added an old and new (recommended) way of structuring the tests.
* Contributes to: mhub/qp-planning#4795
* Signed-off-by: Damian Harateh <damian.harateh@ibm.com>
* feat: Create Endpoints Model (#153)
* Created the abstract class which will be used to create the
* services, volumes, and volume mounts needed to create
* the appropriate services that are needed. Will always
* create the P2P service regardless of whatever
* is needed.
* Contributes to: mhub/qp-planning#4990
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Creating HMAC secret (#155)
* Create secret which has a key that is used by Rest Producer
* and Schema Registry.
* Contributes to: mhub/qp-planning#4999
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* docs: Clarify that custom SCCs are no longer needed (#166)
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Correct resources list displayed in OpenShift console (#167)
* For custom resources, the name is required and must be fully-qualified.
* I've also removed the replica set from the UI listing, as I don't
* think it is helpful and just adds noise.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Rename status variables to match latest CP4I agreement (#169)
* spec.appVersion is now spec.version
* This change was motivated to become consistent with OpenShift UI.
* status.versions.reconciledVersion is now status.versions.installed
* status.versions.availableVersions.strictVersions is now
* status.versions.available.versions
* status.versions.availableVersions.looseVersions is now
* status.versions.available.channels
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: add javadoc @returns (#174)
* Contributes to: mhub/qp-planning#5048
* Signed-off-by: Kit Davies <kit.davies@uk.ibm.com>
* docs: Top-level summary of resource requirements for examples (#173)
* This is my estimate of the resource requirements for the examples as we
* currently have them, but it is best treated as a placeholder as the
* resource requirements for almost all our components will be changing
* once the performance measurements work has been completed.
* Contributes to: mhub/qp-planning#4622
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Use STRIMZI_IMAGE_PULL_SECRETS as a default pull secret (#170)
* The cluster operator deployment environment variable
* STRIMZI_IMAGE_PULL_SECRETS is already used as a default pull secret
* for the images for Kafka, ZooKeeper, TLS sidecar, JMX trans, topic
* operator, entity operator, etc.
* This commit extends the use of this environment variable to the
* Event Streams containers adminApi, adminUi, Collector, REST Producer,
* and Schema Registry.
* It doesn't introduce an Event Streams-specific environment variable
* (e.g. a "EVENTSTREAMS_IMAGE_PULL_SECRETS" option) as I intend to
* address the difference between STRIMZI... and EVENTSTREAMS... env
* vars in a later commit.
* Contributes to: mhub/qp-planning#5034
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Fix example names in scorecard config
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Fix error message if license is not accepted
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Remove duplicate item in CSV resources list (#175)
* I'm not sure how this got into the list, but the presence of a duplicate
* breaks the OLM UI.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Check if Kafka has a Ready condition (#178)
* The previous implementation had a hard-coded assumption that the
* ready condition would always be the first condition in the list.
* This isn't a safe assumption, as other warnings and conditions
* can be included in the list.
* This commit makes our check a bit more flexible, so that we can
* cope with no list of conditions, an empty list, a list with other
* warnings in, etc.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* refactor: Improve checking Kafka status with new Kafka operator (#179)
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: move function from script to makefile (#182)
* this commit moves the functionality of the eventstreams_local_build.sh
* to the eventstreams_makefile and fixes the build issue for quickly
* building the eventstreams_operator
* Contributes to: mhub/qp-planning#5051
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* revert: fix: yq version check (#148) (#183)
* This reverts commit 124253250a9a7ae06b79c28094857a5f9b67fa35.
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Revert "Improve checking Kafka status with new Kafka operator" (#184)
* This reverts commit fcb34e497eb83ff5b1ba682b00b74dba295949f6.
* Contributes to: mhub/qp-planning#5089
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: configuration for admin auth (#185)
* - fix location for client cert
* - add in ssl enabled / disabled
* - separate run as from internal
* - add envar for runas
* - admin api now chooses to use run as
* If admin has done authentication, i.e. if authentication has been
* enabled it will address runas.
* If ssl is disabled with no auth then it will hit port 9092.
* If ssl is enabled, no auth will go to runas with anonymous user.
* Contributes to: mhub/qp-planning#5068
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* fix: Only query replicator dest side users if replicator enabled (#176)
* The setClientAuthForReplicator queries the destination side
* kafka users if client auth is enabled. However it does this regardless
* of whether replication is enabled. And the users are only made if
* replication is enabled.
* So, the case where client auth is on, but replication is not enabled
* it needs to not query the destination side kafka users.
* Contributes to: mhub/qp-planning#5063
* Signed-off-by: Emma Humber <emma.humber@uk.ibm.com>
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* feat: Provide user feedback in status conditions (#187)
* This commit makes a number of changes to our CR status object, with the
* overall aim of improving usability through user feedback:
* - Adds status.phase which will be displayed at various points in the
* OpenShift UI
* - Adds warnings with potential problems to status.conditions
* - Adds a temporary "Creating" condition to status.conditions during
* the first run through the reconcile loop
* - Adds a "Ready" condition to status conditions after the first run
* through the reconcile loop
* Contributes to: mhub/qp-planning#4810
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* docs: Added CRD documentation (#189)
* Updates to resolve errors reported by the operator scorecard.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Rename status fields (#190)
* Updates based on the latest spec agreed with CP4I.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: watch multiple namespaces via olm (#186)
* this commit also cleans up the deployment by removing an
* unnecessary EVENTSTREAMS_NAMESPACE env var
* Contributes to: mhub/qp-planning#5008
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: Convert Admin REST To Endpoints (#177)
* Convert Admin REST to use new Endpoints Model. This will allow users
* to configure the endpoints that they want to be created with a
* specific configuration. Users can specify what type of service they
* want to create, the authentication mechanisms, if the endpoint is TLS,
* and what port to access. It will also reconcile the certificates for
* each endpoint.
* Note that NodePort Certificate Generation is currently not
* implemented. Only the route name is put into the SANS if using an
* external route otherwise it will put in the service.
* Contributes to: mhub/qp-planning#4990
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Sample YAML for use in OpenShift YAML editor (#191)
* Closes: mhub/qp-planning#5071
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Enable the rest producer to work with security
* Update the image and envars / mounts etc. for the REST producer
* to work properly.
* Add kafka extension network policy. Need to extend the Kafka network
* policy to allow certain traffic to the runas port.
* This was in Strimzi code. Have moved into Event Streams code and
* added a rule for the REST producer.
* Set the owner reference.
* Test the new netpol is created.
* Contributes to: mhub/qp-planning#4763
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* feat: case bundle initial commit (#181)
* This commit initialises the case bundle directory structure and
* contains a first pass at populating the files
* Contributes to: mhub/qp-planning#4365
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: Remove Listeners and Convert Everything to Endpoints (#192)
* Remove Listener and Abstract Secure Endpoints from Schema Registry and
* REST Producer. Listener and Abstract Secure Endpoints have now been
* deleted from the code. Both components now use Endpoints model to create
* configurable routes and services. This also introduces the ability for
* endpoints to delete routes that have been renamed as it now checks the
* status field for existing routes. Also introduces the ability to pass in
* a null spec
* Closes: mhub/qp-planning#4990
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* chore: Image tag updates (#198)
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Block unsupported authorizers (#194)
* EventStreams does not support the 'simple' or 'keycloak' authorizers.
* Block these by preventing them from being parsed, allowing only the
* 'runas' type to pass. Users can also omit this section altogether.
* runas is the only supported authorization type if security is enabled.
* Update the description text to reflect that.
* Contributes to: mhub/qp-planning#5067
* Signed-off-by: John Beaven <beavenj@uk.ibm.com>
* feat: Rename TLS to Internal_TLS (#200)
* Renamed TLS to INTERNAL_TLS because it was confusing. Also
* added a description
* Contributes to: mhub/qp-planning#5107
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* fix: Update Labels method calls to match upstream changes (#201)
* The Labels class in upstream Strimzi has been refactored, so this
* commit updates our calls to match the new method names.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: update generated files (#202)
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* feat: webhook to validate endpoints (#203)
* this commit adds a webhook to validate the list on endpoints provided
* in the CR has a valid configuration
* Contributes to: mhub/qp-planning#5031
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* fix: Truncate Default Resource Name (#197)
* Changes to truncate various parts of default resource names when
* necessary.
* With this commit, the app name will still normally be ibm-es as before,
* but we will switch to a shorter app name of es when we are short of
* space
* Added behaviour for excessively long suffixes being truncated.
* Contributes to: mhub/qp-planning#4943
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* fix: Fix issue with mounting wrong cert in Admin API (#205)
* The SSL_TRUSTSTORE_LOCATION env var needs to be changed from
* /certs/cluster/podtls.p12 to /certs/cluster/ca.p12 or else
* Admin API can't create the Kafka Admin Client.
* Contributes to: mhub/qp-planning#5114
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Add ability to set TLS version & rename to internalTls (#207)
* Add the ability for the operator to configure Admin REST, REST
* Producer, Schema Registry, Collector and UI with a TLS Version
* variable. This will be used to drive config to configure the
* specified TLS Version for an endpoint or per component.
* Also fixed an issue where the operator tried to create the same
* service multiple times. Also renamed encryption to internalTls
* Contributes to: mhub/qp-planning#5115
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Specify status as a sub-resource in the main CRD (#208)
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Consolidate envars into EVENTSTREAMS (#206)
* Trim envars down to reduce duplication
* Make all envars EVENTSTREAMS specific
* write logic to clone eventstreams envars as strimzi envars
* Use WATCHED_NAMESPACE envar as per cloud pak instructions
* Contributes to: mhub/qp-planning#5076
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Change the yaml files in operator (#211)
* Due to the renaming of the variable of TLS to InternalTLS we need
* to change the yaml to reflect this. This should fix the E2Es
* produce tls test.
* Contributes to: mhub/qp-planning#5126
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Implement validation of plain listeners (#199)
* Check the configuration of EventStreams security and if it is NONE
* then make sure that the Kafka Plain Listener is configured WITHOUT
* security. This will prevent the situation where REST can't talk to
* Kafka due to a lack of a Plain Listener/it can't authenticate with
* Kafka.
* Contributes to: mhub/qp-planning#4899
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Status modifications as a sub-resource (#215)
* Closes: mhub/qp-planning#5095
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Fix spotbugs errors (#210)
* Updated spotbugs version in our pom to match upstream Strimzi.
* Fixed some errors reported by Strimzi in our code.
* Added spotbugs check to Travis for running in future PRs.
* Spotbugs on the entire repo is overkill. Scanning the cluster
* operator and Event Streams operator is enough.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Update version to 2020.2.1 (#209)
* When we started development, we envisaged a Q1 release, but now that
* we're targeting June we need to update the version number to match.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Add rest module to schema pod (#212)
* Add rest module to schema pod to enable
* auth calls to be made against schema registry
* Fix some naming conventions and tidy some of the code
* and tests
* Contributes to: mhub/qp-planning#4889
* Signed-off-by: A. Garrard <GARRARD@uk.ibm.com>
* chore: Add auth & protocol labels to routes (#204)
* Adding authentication and protocol labels to routes so that the CLI
* can discover correct endpoint.
* Contributes to: mhub/qp-planning#5035
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* feat: Add kafka image to fix ACL issue (#219)
* This commit updates the kafka image tag which
* fixes an ACL problem in the RunAs Authorizer.
* Closes: mhub/qp-planning#5139
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* feat: Differentiate P2P auth by component name (#218)
* Will now create different authentication mechanisms on the
* P2P ports based on what component is being created. This
* will allow us secure everything.
* Fixed an issue where routes weren't being created because
* the labels didn't follow a specific regex.
* Closes: mhub/qp-planning#5064
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* fix: image tag update (#220)
* update the RP image tag
* Contributes to: mhub/qp-planning#4763
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* chore: Image tag updates (#221)
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Now uses different port for P2P (#224)
* Previously UI would always use the TLS port to talk to
* admin rest and schema registry because UI was always
* TlsV1.2. Now will create p2p port based on the overall
* CRD security of the CRD
* Contributes to: mhub/qp-planning#5147
* Signed-off-by: Julian Goh <julian.goh@ibm.com>
* feat: Seed help file with error info (#223)
* Contributes to: mhub/qp-planning#5024
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* fix: Use correct Envar for Log level (#225)
* Contributes to: mhub/qp-planning#4988
* Signed-off-by: Tom Jefferson <thomas.jefferson1@ibm.com>
* feat: Add the fixed public endpoints image tag (#227)
* This commit adds the image tag containing the
* fix for the AdminApi Public endpoints into the
* operator.
* Contributes to: mhub/qp-planning#5119
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* feat: Report reconcile failures in CR status (#229)
* The cluster-operator verticle writes status conditions to explain
* reconcile failures. As we don't expect users to look at the Kafka
* CR, these are effectively hidden from users, while the Event Streams
* instance stays in a Pending state.
* This commit looks for these failure states, and in the event of
* a failure in the cluster-operator, the error message is copied
* into our status conditions list, and the status phase is set to
* Failed.
* The onFailure implementation for this will also catch any other
* general failures and similarly write an explanation into our
* status and set the instance into a Failed state.
* Contributes to: mhub/qp-planning#5141
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Sed command to quote envars (#217)
* for space-delimited lists, export fails
* re-quote strings to avoid these errors
* Contributes to: mhub/qp-planning#5076
* Signed-off-by: Samuel Hawker <samuel.hawker@ibm.com>
* feat: Pass default cipher suite to collector (#222)
* Add the default suites to the collector model
* and pass these via a new CIPHER_SUITE environment
* variable to the collector. This can be overriden
* in the yaml (see issue for details)
* Contributes to: mhub/qp-planning#5122
* Signed-off-by: John Beaven <beavenj@uk.ibm.com>
* feat: Add env vars and mount for geo-replication client auth handling (#230)
* - Adds a client auth env var to the admin-api pod to enable
* geo-replication client auth handling.
* - Mounts the replicator secret in the replicator pod so that client
* auth certs & keys can be used in the MM2 connectors.
* - Fixes the issue where an empty replicator stanza was not bringing up
* any replicator pods.
* - Ensures the admin-api GEOREPLICATION_ENABLED env var correctly
* reflects whether georeplication is enabled in the instance.
* Contributes to: mhub/qp-planning#5081
* Signed-off-by: Andrew Borley <borley@uk.ibm.com>
* chore: Update security labels (#226)
* Updating security labels in routes and rename mutual tls to tls
* in tests.
* Contributes to: mhub/qp-planning#5064
* Contributes to: mhub/qp-planning#5113
* Signed-off-by: Gavin Royce Quadros <gavin.r.quadros@ibm.com>
* chore: Remove AdminApiSpec (#233)
* AdminApiSpec is no longer providing any unique values, so ahead of some
* changes/refactoring planned for this week, I'm removing it to reduce the
* number of places that will need changes.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: New webhook for validating characters in metadata.name (#232)
* Instance names are used in services created by both ES and Strimzi,
* so this means that we have to enforce the character limitations for
* Services in Event Streams names.
* This commit introduces a new webhook to do that, with an error
* message consistent with the format of errors messages in Kubernetes
* client exceptions.
* I've also renamed some of the existing webhooks to make them more
* consistent.
* Closes: mhub/qp-planning#5141
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* chore: Update endpoint type capitalisation (#231)
* Kubernetes convention is for acronyms to be in upper-case.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Enforce required dependencies between ES components (#234)
* The UI and geo-replicator both depend upon the adminApi component
* being enabled. This commit updates the operator to check for this
* to prevent it continuing and encountering downstream errors.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: New env var to inform admin components if schemareg enabled (#235)
* I've copied the pattern used in ReplicatorModel.isReplicatorEnabled
* These new environment variables aren't used yet, but the intention
* is that they will be used to enable/disable calls to the Schema
* Registry to avoid errors when the schema registry is excluded from
* the ES CR.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: Fix CA Cert in Truststore EnvVar (#239)
* This commit fixes the CA cert that is configured in
* the Truststore EnvVar of the Rest Producer. It is
* referring to a non-existant file, podtls.p12 and should
* be the ca.p12.
* Also I have removed the CLIENT_P12_PASSWORD as this is
* no longer used.
* Contributes to: mhub/qp-planning#5157
* Signed-off-by: Tim Mitchell <tim_mitchell@uk.ibm.com>
* fix: image tag update (#244)
* update the RP image tag
* Contributes to: mhub/qp-planning#5123
* Signed-off-by: Chris Patmore <christopher.patmore@ibm.com>
* chore: remove case from repo (#241)
* this commit removes the case package from the repository as it is being
* moved to it's own repository where it wwill be generated from a
* submodule of this repo
* Contributes to: mhub/qp-planning#5146
* Signed-off-by: Harvey Elsom <harvey.elsom@uk.ibm.com>
* chore: pass k8sapi version to admin api (#245)
* Added env var to pass the instance api version
* to admin api
* Contributes to: mhub/qp-planning#4938
* Signed-off-by: Steve Dare <steve.dare@ibm.com>
* feat: Update tag for the collector (#242)
* Required the base name and tag to be updated to
* reflect whats currently generated.
* Contributes to: mhub/qp-planning#5122
* Signed-off-by: John Beaven <beavenj@uk.ibm.com>
* chore: Cleanup environment variables on ES containers (#240)
* This commit removes some unused env vars, and sets the value
* for some env vars that were still left as unset placeholders.
* Images needed rebuilding to use the new base layer that removes
* the need for environment variables that were helping to label
* nodes in the Helm release.
* Contributes to: mhub/qp-planning#4667
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* fix: Handle disabled ES components (#246)
* Admin UI was inadvertently made into a required component, because
* the OIDC registration was dependent on the UI route, and the OIDC
* client secret is used in admin-api.
* This commit fixes some mistakes like that, so components can be
* removed from a CR without errors.
* The exception is admin-api which will require more substantial
* refactoring to allow it to be removed, so this commit explicitly
* makes it a required component, but otherwise leaves that as-is.
* Allowing admin-api to be excluded can be left to a follow-on PR.
* Signed-off-by: Dale Lane <dale.lane@uk.ibm.com>
* feat: add a script to read kafka version from yaml (#236)
* This will be used by jenkins to read the version of kafka used in
* the latest image tag, avoiding the need to hard-code it somewhere
* in qp-jenkins-jobs
* Contributes to: mhub/qp-planning#2844
* Signed-off-by: Dave Lane <davilane@uk.ibm.com>
* feat: New operator for geo-replicator clusters (#238)
* When a new georeplicator is added, if admin-api updates the MM2 CR to
* add in the new config then the ES operator will splat over the changes
* with what was set originally in the Operator config and all the new
* config is lost.
* Strimzi mm2 operator attempts to honour the changes made by REST and
* recreates the MM2 pod with the new settings, before recreating it
* again without them after the ES operator changes them.
* Really, REST needs to update the ES CR, not the mm2 cr as that is
* where we define the config, but this is pretty risking as patching our
* main, top level CR each time a mm2 is made isn't wise (what if we
* patch it badly....)
* So, as discussed with Sam (and a tiny bit with Dale), separating out
* the Replicator part of the ES operator into its own resource that we
* can then patch from admin-api.
* REST can then make changes to the georeplicator cr, the operator then
* updates the MM2 cr, and strimzi deals with the update and we should,
* in theory, be all good.
* A few items to help with the review
* In abstract model I needed to change the following so that the
* setAbstractMethod works for both ES and ESGeorep instances
* protected void setOwnerReference(EventStreams instance) {
* protected void setOwnerReference(CustomResource instance) {
* I've made a separate ReplicatorSecretModel, as that's the …- Loading branch information
1 parent
4413272
commit 9671c6f