134 lines
6.4 KiB
YAML
134 lines
6.4 KiB
YAML
{{- /*
|
|
Copyright VMware, Inc.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{- if (include "kafka.createSaslSecret" .) }}
|
|
{{- $secretName := printf "%s-user-passwords" (include "common.names.fullname" .) }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $secretName }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
type: Opaque
|
|
data:
|
|
{{- if (include "kafka.client.saslEnabled" .) }}
|
|
{{- $secretValue := "" }}
|
|
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .) $secretName).data }}
|
|
{{- if and $secretData (hasKey $secretData "client-passwords")}}
|
|
{{- $secretValue = index $secretData "client-passwords" }}
|
|
{{- end }}
|
|
{{- if or (empty $secretValue) (not (eq (len .Values.sasl.client.users) (len (splitList "," (b64dec $secretValue))))) }}
|
|
{{- $clientPasswords := .Values.sasl.client.passwords }}
|
|
{{- if empty $clientPasswords }}
|
|
{{- $clientPasswords = list }}
|
|
{{- range .Values.sasl.client.users }}
|
|
{{- $clientPasswords = append $clientPasswords (randAlphaNum 10) }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- $secretValue = join "," $clientPasswords | toString | b64enc }}
|
|
{{- end }}
|
|
client-passwords: {{ $secretValue | quote }}
|
|
system-user-password: {{ index (splitList "," (b64dec $secretValue)) 0 | b64enc | quote }}
|
|
{{- end }}
|
|
{{- if or .Values.sasl.zookeeper.user .Values.zookeeper.auth.client.enabled }}
|
|
zookeeper-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "zookeeper-password" "providedValues" (list "sasl.zookeeper.password" "zookeeper.auth.client.clientPassword") "failOnNew" false "context" $) }}
|
|
{{- end }}
|
|
{{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
|
|
inter-broker-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "inter-broker-password" "providedValues" (list "sasl.interbroker.password") "failOnNew" false "context" $) }}
|
|
{{- end }}
|
|
{{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
|
|
controller-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "controller-password" "providedValues" (list "sasl.controller.password") "failOnNew" false "context" $) }}
|
|
{{- end }}
|
|
{{- if .Values.serviceBindings.enabled }}
|
|
|
|
{{- if (include "kafka.client.saslEnabled" .) }}
|
|
{{- $host := list }}
|
|
{{- $port := .Values.service.ports.client }}
|
|
{{- $bootstrapServers := list }}
|
|
{{- if not .Values.controller.controllerOnly }}
|
|
{{- range $i, $e := until (int .Values.controller.replicaCount) }}
|
|
{{- $controller := printf "%s-controller-%s.%s-headless.%s.svc.%s" (include "common.names.fullname" $) (print $i) (include "common.names.fullname" $) $.Release.Namespace $.Values.clusterDomain }}
|
|
{{- $host = append $host $controller }}
|
|
{{- $bootstrapServers = append $bootstrapServers (printf "%s:%s" $controller .Values.service.ports.client) }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- range $i, $e := until (int .Values.broker.replicaCount) }}
|
|
{{- $broker := printf "%s-broker-%s.%s-headless.%s.svc.%s" (include "common.names.fullname" $) (print $i) (include "common.names.fullname" $) $.Release.Namespace $.Values.clusterDomain }}
|
|
{{- $host = append $host $broker }}
|
|
{{- $bootstrapServers = append $bootstrapServers (printf "%s:%s" $broker .Values.service.ports.client) }}
|
|
{{- end }}
|
|
{{- range $i, $e := until (len .Values.sasl.client.users) }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "common.names.fullname" $ }}-svcbind-user-{{ $i }}
|
|
namespace: {{ $.Release.Namespace | quote }}
|
|
labels: {{- include "common.labels.standard" $ | nindent 4 }}
|
|
{{- if $.Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if $.Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
type: servicebinding.io/kafka
|
|
data:
|
|
provider: {{ print "bitnami" | b64enc | quote }}
|
|
type: {{ print "kafka" | b64enc | quote }}
|
|
username: {{ index .Values.sasl.client.users $i | b64enc | quote }}
|
|
password: {{ index .Values.sasl.client.passwords $i | b64enc | quote }}
|
|
host: {{ join "," $host | b64enc | quote }}
|
|
port: {{ print $port | b64enc | quote }}
|
|
bootstrap-servers: {{ join "," $bootstrapServers | b64enc | quote }}
|
|
{{- end }}
|
|
{{- else }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "common.names.fullname" . }}-svcbind
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
type: servicebinding.io/kafka
|
|
data:
|
|
provider: {{ print "bitnami" | b64enc | quote }}
|
|
type: {{ print "kafka" | b64enc | quote }}
|
|
host: {{ join "," $host | b64enc | quote }}
|
|
port: {{ print $port | b64enc | quote }}
|
|
bootstrap-servers: {{ join "," $bootstrapServers | b64enc | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.kraft.enabled }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ printf "%s-kraft-cluster-id" (include "common.names.fullname" .) }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
type: Opaque
|
|
data:
|
|
kraft-cluster-id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-kraft-cluster-id" (include "common.names.fullname" .)) "key" "kraft-cluster-id" "providedValues" (list "kraft.clusterId") "length" 22 "context" $) }}
|
|
{{- end }}
|