
Example 1 with ManagedKafka

use of org.bf2.operator.resources.v1alpha1.ManagedKafka in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class AbstractKafkaCluster method getReadiness.

/**
 * Derives the readiness of the Kafka operand backing the given {@code ManagedKafka}.
 *
 * <p>Checks run in a fixed order and the first match wins: missing Kafka resource, an active
 * {@code NotReady} condition, the update states (Strimzi, Kafka version / stability check, IBP),
 * an active {@code Ready} condition, paused reconciliation, and finally "no status reported".
 *
 * <p>The update branches return {@code Status.True} without consulting the {@code Ready}
 * condition, so a {@code True} result with an update reason is not a verified health signal.
 *
 * @param managedKafka the custom resource whose Kafka cluster is inspected
 * @return the readiness status, with a reason and message where one applies
 */
@Override
public OperandReadiness getReadiness(ManagedKafka managedKafka) {
    final Kafka kafka = cachedKafka(managedKafka);
    if (kafka == null) {
        String message = String.format("Kafka %s does not exist", kafkaClusterName(managedKafka));
        return new OperandReadiness(Status.False, Reason.Installing, message);
    }

    // A NotReady condition only counts when its status is "True".
    Condition activeNotReady = kafkaCondition(kafka, c -> "NotReady".equals(c.getType()))
            .filter(c -> "True".equals(c.getStatus()))
            .orElse(null);
    if (activeNotReady != null) {
        // "Creating" is the normal install path; every other reason is surfaced as an error.
        Reason reason;
        if ("Creating".equals(activeNotReady.getReason())) {
            reason = Reason.Installing;
        } else {
            reason = Reason.Error;
        }
        // The Strimzi condition message is passed through unchanged into the readiness result.
        return new OperandReadiness(Status.False, reason, activeNotReady.getMessage());
    }

    if (isStrimziUpdating(managedKafka)) {
        // the status here is actually unknown
        return new OperandReadiness(Status.True, Reason.StrimziUpdating, null);
    }

    boolean kafkaVersionInFlight = isKafkaUpdating(managedKafka) || isKafkaUpgradeStabilityChecking(managedKafka);
    if (kafkaVersionInFlight) {
        return new OperandReadiness(Status.True, Reason.KafkaUpdating, null);
    }

    if (isKafkaIbpUpdating(managedKafka)) {
        return new OperandReadiness(Status.True, Reason.KafkaIbpUpdating, null);
    }

    boolean reportedReady = kafkaCondition(kafka, c -> "Ready".equals(c.getType()))
            .filter(c -> "True".equals(c.getStatus()))
            .isPresent();
    if (reportedReady) {
        return new OperandReadiness(Status.True, null, null);
    }

    if (isReconciliationPaused(managedKafka)) {
        // strimzi may in the future report the status even when paused, but for now we don't know
        String message = String.format("Kafka %s is paused for an unknown reason", kafkaClusterName(managedKafka));
        return new OperandReadiness(Status.Unknown, Reason.Paused, message);
    }

    String message = String.format("Kafka %s is not providing status", kafkaClusterName(managedKafka));
    return new OperandReadiness(Status.False, Reason.Installing, message);
}
Also used : Condition(io.strimzi.api.kafka.model.status.Condition) Quantity(io.fabric8.kubernetes.api.model.Quantity) Context(io.javaoperatorsdk.operator.api.Context) KafkaStatus(io.strimzi.api.kafka.model.status.KafkaStatus) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Arrays(java.util.Arrays) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) Status(org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Status) Logger(org.jboss.logging.Logger) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) StrimziManager(org.bf2.operator.managers.StrimziManager) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) Function(java.util.function.Function) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) CertAndKeySecretSourceBuilder(io.strimzi.api.kafka.model.CertAndKeySecretSourceBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecuritySecretManager(org.bf2.operator.managers.SecuritySecretManager) Map(java.util.Map) KafkaManager(org.bf2.operator.managers.KafkaManager) KafkaResourceClient(org.bf2.operator.clients.KafkaResourceClient) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Predicate(java.util.function.Predicate) Pod(io.fabric8.kubernetes.api.model.Pod) InformerManager(org.bf2.operator.managers.InformerManager) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Reason(org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Reason) 
OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) ManagedKafkaAuthenticationOAuth(org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth) Objects(java.util.Objects) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) Optional(java.util.Optional) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Condition(io.strimzi.api.kafka.model.status.Condition) ConfigProperty(org.eclipse.microprofile.config.inject.ConfigProperty) Kafka(io.strimzi.api.kafka.model.Kafka) ManagedKafka(org.bf2.operator.resources.v1alpha1.ManagedKafka) Collections(java.util.Collections) GenericKafkaListenerConfigurationBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBuilder) Kafka(io.strimzi.api.kafka.model.Kafka) ManagedKafka(org.bf2.operator.resources.v1alpha1.ManagedKafka)

Example 2 with ManagedKafka

use of org.bf2.operator.resources.v1alpha1.ManagedKafka in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class AbstractKafkaCluster method buildListeners.

/**
 * Builds the three listeners exposed by the Kafka cluster.
 *
 * <ul>
 *   <li>External listener on 9094: TLS on, ROUTE on OpenShift and INGRESS otherwise, OAuth with
 *       SASL/PLAIN enabled, per-listener connection limits.</li>
 *   <li>{@code "oauth"} on 9095: internal, TLS on, OAuth, network policy peer restricted to pods
 *       labelled {@code app=<admin server name>}.</li>
 *   <li>{@code "sre"} on 9096: internal, TLS off, and no authentication or network policy peers
 *       are set on it here.</li>
 * </ul>
 *
 * <p>When Kafka authentication is disabled both auth objects stay {@code null}, so the external
 * and {@code "oauth"} listeners are built without authentication.
 *
 * @param managedKafka the custom resource supplying OAuth settings, endpoint and capacity
 * @param replicas broker count used to split the connection limits; used as a divisor, so it
 *     must not be zero
 * @return the external, {@code "oauth"} and {@code "sre"} listeners, in that order
 */
protected List<GenericKafkaListener> buildListeners(ManagedKafka managedKafka, int replicas) {
    KafkaListenerAuthentication externalAuth = null;
    KafkaListenerAuthentication internalAuth = null;

    if (SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka)) {
        ManagedKafkaAuthenticationOAuth oauth = managedKafka.getSpec().getOauth();
        // Optional trust anchor for the SSO endpoints; null means none is attached to the builders.
        CertSecretSource ssoTrust = buildSsoTlsCertSecretSource(managedKafka);

        // External clients may authenticate with OAuth over SASL/PLAIN, hence the token endpoint.
        KafkaListenerAuthenticationOAuthBuilder externalAuthBuilder = new KafkaListenerAuthenticationOAuthBuilder()
                .withClientId(oauth.getClientId())
                .withJwksEndpointUri(oauth.getJwksEndpointURI())
                .withUserNameClaim(oauth.getUserNameClaim())
                .withFallbackUserNameClaim(oauth.getFallbackUserNameClaim())
                .withCustomClaimCheck(oauth.getCustomClaimCheck())
                .withValidIssuerUri(oauth.getValidIssuerEndpointURI())
                .withClientSecret(buildSsoClientGenericSecretSource(managedKafka))
                .withEnablePlain(true)
                .withTokenEndpointUri(oauth.getTokenEndpointURI());
        if (ssoTrust != null) {
            externalAuthBuilder.withTlsTrustedCertificates(ssoTrust);
        }
        externalAuth = externalAuthBuilder.build();

        // Same token validation settings for the internal listener, without PLAIN.
        KafkaListenerAuthenticationOAuthBuilder internalAuthBuilder = new KafkaListenerAuthenticationOAuthBuilder()
                .withClientId(oauth.getClientId())
                .withJwksEndpointUri(oauth.getJwksEndpointURI())
                .withUserNameClaim(oauth.getUserNameClaim())
                .withFallbackUserNameClaim(oauth.getFallbackUserNameClaim())
                .withCustomClaimCheck(oauth.getCustomClaimCheck())
                .withValidIssuerUri(oauth.getValidIssuerEndpointURI())
                .withClientSecret(buildSsoClientGenericSecretSource(managedKafka));
        if (ssoTrust != null) {
            internalAuthBuilder.withTlsTrustedCertificates(ssoTrust);
        }
        internalAuth = internalAuthBuilder.build();
    }

    KafkaListenerType externalListenerType;
    if (kubernetesClient.isAdaptable(OpenShiftClient.class)) {
        externalListenerType = KafkaListenerType.ROUTE;
    } else {
        externalListenerType = KafkaListenerType.INGRESS;
    }

    // Limit client connections per listener
    // NOTE(review): integer division truncates, so a total below `replicas` yields 0 - confirm intended.
    Integer totalMaxConnections = Objects.requireNonNullElse(
            managedKafka.getSpec().getCapacity().getTotalMaxConnections(),
            this.config.getKafka().getMaxConnections()) / replicas;
    // Limit connection attempts per listener
    Integer maxConnectionAttemptsPerSec = Objects.requireNonNullElse(
            managedKafka.getSpec().getCapacity().getMaxConnectionAttemptsPerSec(),
            this.config.getKafka().getConnectionAttemptsPerSec()) / replicas;

    GenericKafkaListenerConfigurationBuilder listenerConfigBuilder = new GenericKafkaListenerConfigurationBuilder()
            .withBootstrap(new GenericKafkaListenerConfigurationBootstrapBuilder()
                    .withHost(managedKafka.getSpec().getEndpoint().getBootstrapServerHost())
                    .withAnnotations(Map.of("haproxy.router.openshift.io/balance", "leastconn"))
                    .build())
            .withBrokers(buildBrokerOverrides(managedKafka, replicas))
            .withBrokerCertChainAndKey(buildTlsCertAndKeySecretSource(managedKafka))
            .withMaxConnections(totalMaxConnections)
            .withMaxConnectionCreationRate(maxConnectionAttemptsPerSec);

    GenericKafkaListener externalListener = new GenericKafkaListenerBuilder()
            .withName(EXTERNAL_LISTENER_NAME)
            .withPort(9094)
            .withType(externalListenerType)
            .withTls(true)
            .withAuth(externalAuth)
            .withConfiguration(listenerConfigBuilder.build())
            .build();

    // Only pods carrying the admin server's "app" label are listed as allowed peers.
    GenericKafkaListener oauthListener = new GenericKafkaListenerBuilder()
            .withName("oauth")
            .withPort(9095)
            .withType(KafkaListenerType.INTERNAL)
            .withTls(true)
            .withAuth(internalAuth)
            .withNetworkPolicyPeers(new NetworkPolicyPeerBuilder()
                    .withNewPodSelector()
                    .addToMatchLabels("app", AbstractAdminServer.adminServerName(managedKafka))
                    .endPodSelector()
                    .build())
            .build();

    // NOTE(review): plaintext, with no auth and no network policy peers configured on this
    // listener; whatever restricts access to 9096 has to live elsewhere - confirm it does.
    GenericKafkaListener sreListener = new GenericKafkaListenerBuilder()
            .withName("sre")
            .withPort(9096)
            .withType(KafkaListenerType.INTERNAL)
            .withTls(false)
            .build();

    return Arrays.asList(externalListener, oauthListener, sreListener);
}
Also used : KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) GenericKafkaListenerConfigurationBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) ManagedKafkaAuthenticationOAuth(org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)

Example 3 with ManagedKafka

use of org.bf2.operator.resources.v1alpha1.ManagedKafka in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class AbstractKafkaCluster method isKafkaAnnotationUpdating.

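/**
 * Reports whether any Kafka broker pod still carries an annotation value that differs from the
 * value expected for the current {@code Kafka} resource.
 *
 * <p>Pods are looked up in the Kafka resource's namespace by the label
 * {@code strimzi.io/name=<kafka name>-kafka}. The scan stops at the first mismatching pod.
 *
 * @param managedKafka the custom resource whose cached Kafka resource is inspected
 * @param annotation the pod annotation key to compare
 * @param valueSupplier computes the expected annotation value from the Kafka resource
 * @return {@code true} if at least one pod has a different value; {@code false} if all pods
 *     match, no pods are found, or the Kafka resource is not cached
 * @throws RuntimeException if a pod reached by the scan does not carry the annotation at all
 */
private boolean isKafkaAnnotationUpdating(ManagedKafka managedKafka, String annotation, Function<Kafka, String> valueSupplier) {
    Kafka kafka = cachedKafka(managedKafka);
    if (kafka == null) {
        return false;
    }
    List<Pod> kafkaPods = kubernetesClient.pods()
            .inNamespace(kafka.getMetadata().getNamespace())
            .withLabel("strimzi.io/name", kafka.getMetadata().getName() + "-kafka")
            .list()
            .getItems();
    String expectedValue = valueSupplier.apply(kafka);
    for (Pod kafkaPod : kafkaPods) {
        String podName = kafkaPod.getMetadata().getName();
        // A pod may have no annotations map at all, so the lookup is null-safe.
        String annotationValueOnPod = Optional.ofNullable(kafkaPod.getMetadata().getAnnotations())
                .map(annotations -> annotations.get(annotation))
                .orElse(null);
        if (annotationValueOnPod == null) {
            log.errorf("Kafka pod [%s] is missing annotation '%s'", podName, annotation);
            // Carry the pod and annotation in the exception so the failure can be diagnosed
            // from the stack trace alone, not only from the preceding log line.
            throw new RuntimeException(String.format("Kafka pod [%s] is missing annotation '%s'", podName, annotation));
        }
        log.tracef("Kafka pod [%s] annotation '%s' = %s [expected value %s]", podName, annotation, annotationValueOnPod, expectedValue);
        if (!annotationValueOnPod.equals(expectedValue)) {
            // One out-of-date pod is enough; later pods are not examined.
            return true;
        }
    }
    return false;
}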
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) Context(io.javaoperatorsdk.operator.api.Context) KafkaStatus(io.strimzi.api.kafka.model.status.KafkaStatus) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Arrays(java.util.Arrays) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) Status(org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Status) Logger(org.jboss.logging.Logger) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) StrimziManager(org.bf2.operator.managers.StrimziManager) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) Function(java.util.function.Function) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) CertAndKeySecretSourceBuilder(io.strimzi.api.kafka.model.CertAndKeySecretSourceBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecuritySecretManager(org.bf2.operator.managers.SecuritySecretManager) Map(java.util.Map) KafkaManager(org.bf2.operator.managers.KafkaManager) KafkaResourceClient(org.bf2.operator.clients.KafkaResourceClient) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Predicate(java.util.function.Predicate) Pod(io.fabric8.kubernetes.api.model.Pod) InformerManager(org.bf2.operator.managers.InformerManager) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Reason(org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Reason) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) 
ManagedKafkaAuthenticationOAuth(org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth) Objects(java.util.Objects) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) Optional(java.util.Optional) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Condition(io.strimzi.api.kafka.model.status.Condition) ConfigProperty(org.eclipse.microprofile.config.inject.ConfigProperty) Kafka(io.strimzi.api.kafka.model.Kafka) ManagedKafka(org.bf2.operator.resources.v1alpha1.ManagedKafka) Collections(java.util.Collections) GenericKafkaListenerConfigurationBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBuilder) Pod(io.fabric8.kubernetes.api.model.Pod) Kafka(io.strimzi.api.kafka.model.Kafka) ManagedKafka(org.bf2.operator.resources.v1alpha1.ManagedKafka)

Example 4 with ManagedKafka

use of org.bf2.operator.resources.v1alpha1.ManagedKafka in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class AdminServer method buildAnnotations.

/**
 * Builds the annotation that records a digest over the versions of the secrets this component
 * depends on.
 *
 * <p>The Strimzi cluster CA certificate secret is always included; the Kafka TLS secret and the
 * SSO TLS secret are added only when the matching feature is enabled on the resource.
 *
 * @param managedKafka the custom resource that determines which secrets are in use
 * @return a single-entry map keyed by {@code SecuritySecretManager.ANNOTATION_SECRET_DEP_DIGEST}
 */
private Map<String, String> buildAnnotations(ManagedKafka managedKafka) {
    List<String> secretNames = new ArrayList<>();
    secretNames.add(SecuritySecretManager.strimziClusterCaCertSecret(managedKafka));

    if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
        secretNames.add(SecuritySecretManager.kafkaTlsSecretName(managedKafka));
    }

    // The SSO TLS secret is a dependency only when OAuth is on AND a trusted certificate is set.
    boolean ssoTrustConfigured = SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka)
            && managedKafka.getSpec().getOauth().getTlsTrustedCertificate() != null;
    if (ssoTrustConfigured) {
        secretNames.add(SecuritySecretManager.ssoTlsSecretName(managedKafka));
    }

    // presumably a changed digest is what makes dependents pick up rotated secrets - confirm
    String digest = securitySecretManager.digestSecretsVersions(managedKafka, secretNames);
    return Map.of(SecuritySecretManager.ANNOTATION_SECRET_DEP_DIGEST, digest);
}
Also used : ArrayList(java.util.ArrayList) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ManagedKafkaAuthenticationOAuth(org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth)

Example 5 with ManagedKafka

use of org.bf2.operator.resources.v1alpha1.ManagedKafka in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class AdminServer method buildEnvVar.

/**
 * Assembles the environment variables for the admin server container.
 *
 * <p>Broker TLS is always enabled and the broker trust certificate comes from the Strimzi
 * cluster CA secret ({@code ca.crt}). Server-side TLS settings are added only when an external
 * certificate is enabled, and the OAuth endpoints only when Kafka authentication is enabled;
 * otherwise {@code KAFKA_ADMIN_OAUTH_ENABLED} is set to {@code "false"}.
 *
 * @param managedKafka the custom resource supplying name, capacity and OAuth settings
 * @return the environment variables, in the order they were added
 */
private List<EnvVar> buildEnvVar(ManagedKafka managedKafka) {
    final List<EnvVar> env = new ArrayList<>();

    addEnvVar(env, "KAFKA_ADMIN_REPLICATION_FACTOR", String.valueOf(config.getKafka().getScalingAndReplicationFactor()));
    // Port 9095 on the cluster's bootstrap service; the connection is made with TLS (see next entry).
    addEnvVar(env, "KAFKA_ADMIN_BOOTSTRAP_SERVERS", managedKafka.getMetadata().getName() + "-kafka-bootstrap:9095");
    addEnvVar(env, "KAFKA_ADMIN_BROKER_TLS_ENABLED", "true");
    // Injected from a secret key reference rather than as a literal value.
    addEnvVarSecret(env, "KAFKA_ADMIN_BROKER_TRUSTED_CERT", SecuritySecretManager.strimziClusterCaCertSecret(managedKafka), "ca.crt");
    addEnvVar(env, "KAFKA_ADMIN_ACL_RESOURCE_OPERATIONS", this.config.getKafka().getAcl().getResourceOperations());

    // The partition cap is optional on the resource; leave the variable unset when absent.
    Integer maxPartitions = managedKafka.getSpec().getCapacity().getMaxPartitions();
    if (maxPartitions != null) {
        addEnvVar(env, "KAFKA_ADMIN_NUM_PARTITIONS_MAX", String.valueOf(maxPartitions));
    }

    if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
        // Only file paths are passed here; the key material itself is expected under the mount path.
        addEnvVar(env, "KAFKA_ADMIN_TLS_CERT", TLS_CONFIG_MOUNT_PATH + "tls.crt");
        addEnvVar(env, "KAFKA_ADMIN_TLS_KEY", TLS_CONFIG_MOUNT_PATH + "tls.key");
        // Restricts the server to TLS 1.3 and 1.2.
        addEnvVar(env, "KAFKA_ADMIN_TLS_VERSION", "TLSv1.3,TLSv1.2");
    }

    if (!SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka)) {
        // NOTE(review): with authentication disabled the admin server is told to run without OAuth.
        addEnvVar(env, "KAFKA_ADMIN_OAUTH_ENABLED", "false");
    } else {
        ManagedKafkaAuthenticationOAuth oauth = managedKafka.getSpec().getOauth();
        if (oauth.getTlsTrustedCertificate() != null) {
            addEnvVarSecret(env, "KAFKA_ADMIN_OAUTH_TRUSTED_CERT", SecuritySecretManager.ssoTlsSecretName(managedKafka), "keycloak.crt");
        }
        addEnvVar(env, "KAFKA_ADMIN_OAUTH_JWKS_ENDPOINT_URI", oauth.getJwksEndpointURI());
        addEnvVar(env, "KAFKA_ADMIN_OAUTH_VALID_ISSUER_URI", oauth.getValidIssuerEndpointURI());
        addEnvVar(env, "KAFKA_ADMIN_OAUTH_TOKEN_ENDPOINT_URI", oauth.getTokenEndpointURI());
    }

    // The regex is forwarded as configured; its breadth decides which origins get cross-origin access.
    if (corsAllowList.isPresent()) {
        addEnvVar(env, "CORS_ALLOW_LIST_REGEX", corsAllowList.get());
    }

    return env;
}
Also used : ArrayList(java.util.ArrayList) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ManagedKafkaAuthenticationOAuth(org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth)

Aggregations

ManagedKafka (org.bf2.operator.resources.v1alpha1.ManagedKafka)67 Kafka (io.strimzi.api.kafka.model.Kafka)30 Test (org.junit.jupiter.api.Test)24 QuarkusTest (io.quarkus.test.junit.QuarkusTest)23 List (java.util.List)16 Map (java.util.Map)15 Inject (javax.inject.Inject)15 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)15 Objects (java.util.Objects)14 Quantity (io.fabric8.kubernetes.api.model.Quantity)11 Optional (java.util.Optional)11 Collectors (java.util.stream.Collectors)10 ApplicationScoped (javax.enterprise.context.ApplicationScoped)9 StrimziManager (org.bf2.operator.managers.StrimziManager)9 Logger (org.jboss.logging.Logger)9 KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)8 ArrayList (java.util.ArrayList)8 Reason (org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Reason)8 Status (org.bf2.operator.resources.v1alpha1.ManagedKafkaCondition.Status)8 ManagedKafkaUtils.exampleManagedKafka (org.bf2.operator.utils.ManagedKafkaUtils.exampleManagedKafka)8