fix(k8s): Add credentials to kafka-setup job and clean up (datahub-pr…
Dexter Lee authored Apr 18, 2021
1 parent 27a672e commit c46d842
Showing 9 changed files with 115 additions and 64 deletions.
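--- a/contrib/kubernetes/datahub/README.md
+++ b/contrib/kubernetes/datahub/README.md
@@ -57,7 +57,9 @@ Current chart version is `0.1.2`
 
 #### Optional Chart Values
 
-| global.credentialsAndCertsSecretPath | string | `"/mnt/certs"` | |
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.credentialsAndCertsSecrets.path | string | `"/mnt/certs"` | |
 | global.credentialsAndCertsSecrets.name | string | `""` | |
-| global.credentialsAndCertsSecrets.secureEnv | string | `""` | |
-| global.springKafkaConfigurationOverrides | string | `""` | |
+| global.credentialsAndCertsSecrets.secureEnv | map | `{}` | |
+| global.springKafkaConfigurationOverrides | map | `{}` | |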
Expand Up @@ -26,17 +26,17 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.exporters.jmx.enabled }}
- name: config-jmx-exporter
configMap:
name: {{ include "datahub-frontend.fullname" . }}-config-jmx-exporter
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{- .Values.extraInitContainers | toYaml | nindent 6 }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
Expand Down Expand Up @@ -82,12 +82,12 @@ spec:
value: "{{ .Values.global.datahub.appVersion }}"
- name: DATAHUB_PLAY_MEM_BUFFER_SIZE
value: "{{ .Values.datahub.play.mem.buffer.size }}"
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | nindent 12 }}
{{- with .Values.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
Expand Up @@ -30,23 +30,23 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
secret:
defaultMode: 256
secretName: {{ .Values.global.credentialsAndCertsSecrets.name }}
secretName: {{ .name }}
{{- end }}
{{- if .Values.exporters.jmx.enabled }}
- name: config-jmx-exporter
configMap:
name: {{ include "datahub-gms.fullname" . }}-config-jmx-exporter
{{- end }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{- .Values.extraInitContainers | toYaml | nindent 6 }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
Expand Down Expand Up @@ -120,16 +120,16 @@ spec:
key: {{ $envVarValue }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | nindent 12 }}
{{- with .Values.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
mountPath: {{ .Values.global.credentialsAndCertsSecretPath | default "/mnt/certs" }}
mountPath: {{ .path | default "/mnt/certs" }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
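Review bot: `secretName: {{ .name }}` in the `datahub-certs-dir` volume renders an empty value whenever `global.credentialsAndCertsSecrets` is set without `name` (the README lists its default as `""`), because the `with` guard only checks that the map is non-empty. The resulting manifest is likely to be rejected by the API server or to leave the pod unable to mount the volume, with nothing pointing back at the missing value. Failing at render time is clearer: `secretName: {{ required "global.credentialsAndCertsSecrets.name is required" .name }}`. The same line appears in the mae-consumer deployment section and in the volumes block added to kafka-setup-job.yml.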
Expand Up @@ -30,23 +30,23 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
secret:
defaultMode: 256
secretName: {{ .Values.global.credentialsAndCertsSecrets.name }}
secretName: {{ .name }}
{{- end }}
{{- if .Values.exporters.jmx.enabled }}
- name: config-jmx-exporter
configMap:
name: {{ include "datahub-mae-consumer.fullname" . }}-config-jmx-exporter
{{- end }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{- .Values.extraInitContainers | toYaml | nindent 6 }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
Expand Down Expand Up @@ -103,16 +103,16 @@ spec:
key: {{ $envVarValue }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | nindent 12 }}
{{- with .Values.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
mountPath: {{ .Values.global.credentialsAndCertsSecretPath | default "/mnt/certs" }}
mountPath: {{ .path | default "/mnt/certs" }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
Expand Up @@ -41,12 +41,12 @@ spec:
configMap:
name: {{ include "datahub-mce-consumer.fullname" . }}-config-jmx-exporter
{{- end }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{- .Values.extraInitContainers | toYaml | nindent 6 }}
{{- with .Values.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
Expand Down Expand Up @@ -92,16 +92,16 @@ spec:
key: {{ $envVarValue }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | nindent 12 }}
{{- with .Values.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
mountPath: {{ .Values.global.credentialsAndCertsSecretPath | default "/mnt/certs" }}
mountPath: {{ .path | default "/mnt/certs" }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
Expand Up @@ -24,6 +24,10 @@ spec:
{{- with .Values.elasticsearchSetupJob.serviceAccount }}
serviceAccountName: {{ . }}
{{- end }}
volumes:
{{- with .Values.elasticsearchSetupJob.extraVolumes }}
{{- toYaml . | nindent 8}}
{{- end }}
restartPolicy: Never
securityContext:
runAsUser: 1000
Expand All @@ -39,6 +43,10 @@ spec:
{{- with .Values.elasticsearchSetupJob.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- with .Values.elasticsearchSetupJob.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 500m
33 changes: 33 additions & 0 deletions contrib/kubernetes/datahub/templates/kafka-setup-job.yml
Expand Up @@ -28,6 +28,16 @@ spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
volumes:
{{- with .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
secret:
defaultMode: 256
secretName: {{ .name }}
{{- end }}
{{- with .Values.kafkaSetupJob.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: kafka-setup-job
image: "{{ .Values.kafkaSetupJob.image.repository }}:{{ .Values.kafkaSetupJob.image.tag }}"
Expand All @@ -36,9 +46,32 @@ spec:
value: {{ .Values.global.kafka.zookeeper.server | quote }}
- name: KAFKA_BOOTSTRAP_SERVER
value: {{ .Values.global.kafka.bootstrap.server | quote }}
{{- if .Values.global.springKafkaConfigurationOverrides }}
{{- range $configName, $configValue := .Values.global.springKafkaConfigurationOverrides }}
- name: KAFKA_PROPERTIES_{{ $configName | replace "." "_" | upper }}
value: {{ $configValue }}
{{- end }}
{{- end }}
{{- if .Values.global.credentialsAndCertsSecrets }}
{{- range $envVarName, $envVarValue := .Values.global.credentialsAndCertsSecrets.secureEnv }}
- name: KAFKA_PROPERTIES_{{ $envVarName | replace "." "_" | upper }}
valueFrom:
secretKeyRef:
name: {{ $.Values.global.credentialsAndCertsSecrets.name }}
key: {{ $envVarValue }}
{{- end }}
{{- end }}
{{- with .Values.kafkaSetupJob.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.global.credentialsAndCertsSecrets }}
- name: datahub-certs-dir
mountPath: {{ .Values.global.credentialsAndCertsSecretPath | default "/mnt/certs" }}
{{- end }}
{{- with .Values.kafkaSetupJob.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 500m
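Review bot: The `volumeMounts` entry added here still reads `.Values.global.credentialsAndCertsSecretPath`, the key this commit replaces with `global.credentialsAndCertsSecrets.path` in the other templates, so a configured `path` is ignored and the secret is always mounted at `/mnt/certs`. Keystore and truststore locations from `springKafkaConfigurationOverrides` that point under the configured path would then not resolve inside the job. Use `mountPath: {{ .Values.global.credentialsAndCertsSecrets.path | default "/mnt/certs" }}` to match the gms and consumer deployments. Separately, `value: {{ $configValue }}` is unquoted, so an empty, numeric or boolean override renders a non-string env value; `value: {{ $configValue | quote }}` would match the two `| quote` lines just above it.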
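--- a/contrib/kubernetes/datahub/templates/mysql-setup-job.yml
+++ b/contrib/kubernetes/datahub/templates/mysql-setup-job.yml
@@ -24,6 +24,10 @@ spec:
 {{- with .Values.mysqlSetupJob.serviceAccount }}
 serviceAccountName: {{ . }}
 {{- end }}
+volumes:
+{{- with .Values.mysqlSetupJob.extraVolumes }}
+{{- toYaml . | nindent 8}}
+{{- end }}
 restartPolicy: Never
 securityContext:
 runAsUser: 1000
@@ -46,6 +50,10 @@ spec:
 {{- with .Values.mysqlSetupJob.extraEnvs }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
+volumeMounts:
+{{- with .Values.mysqlSetupJob.extraVolumeMounts }}
+{{- toYaml . | nindent 12 }}
+{{- end }}
 resources:
 limits:
 cpu: 500m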
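--- a/contrib/kubernetes/datahub/values.yaml
+++ b/contrib/kubernetes/datahub/values.yaml
@@ -92,22 +92,22 @@ global:
 - "elasticsearch"
 - "neo4j"
 
-# credentialsAndCertsSecretPath: /mnt/datahub/certs
-# credentialsAndCertsSecrets:
-# name: datahub-certs
-# secureEnv:
-# ssl.key.password: datahub.linkedin.com.KeyPass
-# ssl.keystore.password: datahub.linkedin.com.KeyStorePass
-# ssl.truststore.password: datahub.linkedin.com.TrustStorePass
-# kafkastore.ssl.truststore.password: datahub.linkedin.com.TrustStorePass
-
-# springKafkaConfigurationOverrides:
-# ssl.keystore.location: /mnt/datahub/certs/datahub.linkedin.com.keystore.jks
-# ssl.truststore.location: /mnt/datahub/certs/datahub.linkedin.com.truststore.jks
-# kafkastore.ssl.truststore.location: /mnt/datahub/certs/datahub.linkedin.com.truststore.jks
-# security.protocol: SSL
-# kafkastore.security.protocol: SSL
-# ssl.keystore.type: JKS
-# ssl.truststore.type: JKS
-# ssl.protocol: TLS
-# ssl.endpoint.identification.algorithm:
+# credentialsAndCertsSecrets:
+# name: datahub-certs
+# path: /mnt/datahub/certs
+# secureEnv:
+# ssl.key.password: datahub.linkedin.com.KeyPass
+# ssl.keystore.password: datahub.linkedin.com.KeyStorePass
+# ssl.truststore.password: datahub.linkedin.com.TrustStorePass
+# kafkastore.ssl.truststore.password: datahub.linkedin.com.TrustStorePass
+#
+# springKafkaConfigurationOverrides:
+# ssl.keystore.location: /mnt/datahub/certs/datahub.linkedin.com.keystore.jks
+# ssl.truststore.location: /mnt/datahub/certs/datahub.linkedin.com.truststore.jks
+# kafkastore.ssl.truststore.location: /mnt/datahub/certs/datahub.linkedin.com.truststore.jks
+# security.protocol: SSL
+# kafkastore.security.protocol: SSL
+# ssl.keystore.type: JKS
+# ssl.truststore.type: JKS
+# ssl.protocol: TLS
+# ssl.endpoint.identification.algorithm: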
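Review bot: The sample `springKafkaConfigurationOverrides` block ends with `ssl.endpoint.identification.algorithm:` left empty, and in Kafka clients an empty value turns off broker hostname verification. Anyone who uncomments the example as written would accept any certificate the truststore trusts, whatever host name it was issued for. Add a comment above that line such as `# empty disables hostname verification; omit this key to keep the client's default check`, or drop the key from the sample. The lines are commented out, so this only affects users who copy the example.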
