Merge branch 'main' into ae/533a

redpanda-data · Aug 8, 2023 · be57fbf · be57fbf
2 parents 68a1282 + d624930
commit be57fbf
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 10 deletions.
diff --git a/.github/workflows/nightly_version_checks.yaml b/.github/workflows/nightly_version_checks.yaml
@@ -26,6 +26,7 @@ jobs:
         chart:
           - redpanda
           - console
+          - operator
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3

diff --git a/charts/connectors/Chart.yaml b/charts/connectors/Chart.yaml
@@ -23,7 +23,7 @@ type: application
 # The chart version and the app version are not the same and will not track
 # together. The chart version is a semver representation of changes to this
 # chart.
-version: 0.1.4
+version: 0.1.5
 
 # The app version is the default version of Redpanda Connectors to install.
 appVersion: v1.0.2

diff --git a/charts/connectors/templates/deployment.yaml b/charts/connectors/templates/deployment.yaml
@@ -80,6 +80,9 @@ spec:
   {{- with .Values.container.securityContext }}
     {{- toYaml . | nindent 12 }}
   {{- end }}
+        {{- with .Values.deployment.command }}
+          command: {{ toJson . }}
+        {{- end }}
           env:
             - name: CONNECT_CONFIGURATION
               value: |
@@ -145,6 +148,9 @@ spec:
             - name: CONNECT_TLS_AUTH_KEY
               value: {{ printf "key/%s" (default "tls.key" .Values.connectors.brokerTLS.key.secretNameOverwrite) }}
             {{- end }}
+            {{- with .Values.deployment.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
           livenessProbe:
             httpGet:
               path: /

diff --git a/charts/connectors/templates/tests/01-mm2-values.yaml b/charts/connectors/templates/tests/01-mm2-values.yaml
@@ -48,6 +48,39 @@ spec:
           {{- if .Values.connectors.brokerTLS.ca.secretRef }}
           rpk profile set tls.ca={{ printf "/redpanda-certs/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) }}
           {{- end }}
+
+          SASL_MECHANISM="PLAIN"
+          {{- if .Values.auth.sasl.enabled }}
+          set -e
+          set +x
+
+          IFS=: read -r CONNECT_SASL_USERNAME KAFKA_SASL_PASSWORD CONNECT_SASL_MECHANISM < $(find /mnt/users/* -print)
+          CONNECT_SASL_MECHANISM=${CONNECT_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}}
+          if [[ -n "$CONNECT_SASL_USERNAME" && -n "$KAFKA_SASL_PASSWORD" && -n "$CONNECT_SASL_MECHANISM" ]]; then
+            rpk profile set user=$CONNECT_SASL_USERNAME pass=$KAFKA_SASL_PASSWORD sasl.mechanism=$CONNECT_SASL_MECHANISM
+            SASL_MECHANISM=$CONNECT_SASL_MECHANISM
+            JAAS_CONFIG_SOURCE="\"source.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${CONNECT_SASL_USERNAME}\\\\"\" password=\\\\"\"${KAFKA_SASL_PASSWORD}\\\\"\";\","
+            JAAS_CONFIG_TARGET="\"target.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${CONNECT_SASL_USERNAME}\\\\"\" password=\\\\"\"${KAFKA_SASL_PASSWORD}\\\\"\";\","
+          fi
+
+          set -x
+          set +e
+          {{- end }}
+
+          {{- if .Values.connectors.brokerTLS.enabled }}
+          CONNECT_TLS_ENABLED=true
+          {{- else }}
+          CONNECT_TLS_ENABLED=false
+          {{- end }}
+          SECURITY_PROTOCOL=PLAINTEXT
+          if [[ -n "$CONNECT_SASL_MECHANISM" && $CONNECT_TLS_ENABLED == "true" ]]; then
+            SECURITY_PROTOCOL="SASL_SSL"
+          elif [[ -n "$CONNECT_SASL_MECHANISM" ]]; then
+            SECURITY_PROTOCOL="SASL_PLAINTEXT"
+          elif [[ $CONNECT_TLS_ENABLED == "true" ]]; then
+            SECURITY_PROTOCOL="SSL"
+          fi
+
           rpk topic list
           rpk topic create test-topic
           rpk topic list
@@ -64,6 +97,7 @@ spec:
               "tasks.max": "1",
               "source.cluster.bootstrap.servers": {{ .Values.connectors.bootstrapServers | quote }},
               "target.cluster.bootstrap.servers": {{ .Values.connectors.bootstrapServers | quote }},
+              "target.cluster.alias": "test-only",
               "source.cluster.alias": "source",
               "key.converter": "org.apache.kafka.connect.converters.ByteArrayConverter",
               "value.converter": "org.apache.kafka.connect.converters.ByteArrayConverter",
@@ -75,15 +109,24 @@ spec:
               "target.cluster.ssl.truststore.type": "PEM",
               "source.cluster.ssl.truststore.location": {{ printf "/opt/kafka/connect-certs/ca/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) | quote }},
               "target.cluster.ssl.truststore.location": {{ printf "/opt/kafka/connect-certs/ca/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) | quote }},
-              "source.cluster.security.protocol": {{ ternary "SSL" "PLAINTEXT" .Values.connectors.brokerTLS.enabled | quote }},
-              "target.cluster.security.protocol": {{ ternary "SSL" "PLAINTEXT" .Values.connectors.brokerTLS.enabled | quote }},
-              "source.cluster.sasl.mechanism": "PLAIN",
-              "target.cluster.sasl.mechanism": "PLAIN"
+              JAAS_CONFIG_SOURCE
+              JAAS_CONFIG_TARGET
+              "source.cluster.security.protocol": "SECURITY_PROTOCOL",
+              "target.cluster.security.protocol": "SECURITY_PROTOCOL",
+              "source.cluster.sasl.mechanism": "SASL_MECHANISM",
+              "target.cluster.sasl.mechanism": "SASL_MECHANISM",
+              "offset-syncs.topic.replication.factor": 1
             }
           }
           EOF
 
           sed -i "s/CONNECTOR_NAME/$CONNECTOR_NAME/g" /tmp/mm2-conf.json
+          sed -i "s/SASL_MECHANISM/$SASL_MECHANISM/g" /tmp/mm2-conf.json
+          sed -i "s/SECURITY_PROTOCOL/$SECURITY_PROTOCOL/g" /tmp/mm2-conf.json
+          set +x
+          sed -i "s/JAAS_CONFIG_SOURCE/$JAAS_CONFIG_SOURCE/g" /tmp/mm2-conf.json
+          sed -i "s/JAAS_CONFIG_TARGET/$JAAS_CONFIG_TARGET/g" /tmp/mm2-conf.json
+          set -x
 
           max_iteration=10
           for i in $(seq 1 $max_iteration)
@@ -102,7 +145,7 @@ spec:
 
           if [[ $result -ne 0 ]]
           then
-            echo "mm2 connector can not be destroyed!!!"
+            echo "mm2 connector can not be created!!!"
             exit 1
           fi
 
@@ -130,15 +173,19 @@ spec:
 
           curl http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors && echo
 
-          rpk topic delete test-topic source.test-topic mm2-offset-syncs.target.internal
-  {{- if .Values.connectors.brokerTLS.ca.secretRef }}
+          rpk topic delete test-topic source.test-topic mm2-offset-syncs.test-only.internal
       volumeMounts:
+  {{- if .Values.connectors.brokerTLS.ca.secretRef }}
         - mountPath: /redpanda-certs
           name: redpanda-ca
+  {{- end }}
+  {{- toYaml .Values.storage.volumeMounts | nindent 8 }}
   volumes:
+  {{- if .Values.connectors.brokerTLS.ca.secretRef }}
     - name: redpanda-ca
       secret:
         defaultMode: 0444
         secretName: {{ .Values.connectors.brokerTLS.ca.secretRef }}
   {{- end }}
+  {{- toYaml .Values.storage.volume | nindent 4 }}
 {{- end }}
diff --git a/charts/connectors/values.yaml b/charts/connectors/values.yaml
@@ -117,6 +117,7 @@ connectors:
 # see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/).
 auth:
   sasl:
+    enabled: false
     # -- The authentication mechanism to use for the superuser. Options are `scram-sha-256` and `scram-sha-512`.
     mechanism: scram-sha-512
     # -- A Secret that contains your SASL user password.
@@ -159,6 +160,8 @@ container:
 
 deployment:
   create: true
+  # Command could be used to change the entrypoint for connectors deployment.
+  # command: []
   strategy:
     type: RollingUpdate
   schedulerName: ""
@@ -184,6 +187,11 @@ deployment:
     successThreshold: 3
     timeoutSeconds: 5
 
+  # -- Additional environment variables for the Connectors Deployment.
+  extraEnv: []
+  # - name: RACK_ID
+  #   value: "1"
+
   # -- The maximum time in seconds for a deployment to make progress before it is
   #    considered to be failed. The deployment controller will continue to process
   #    failed deployments and a condition with a ProgressDeadlineExceeded reason

diff --git a/charts/operator/Chart.yaml b/charts/operator/Chart.yaml
@@ -4,11 +4,11 @@ description: Redpanda operator helm chart
 type: application
 
 # This is the chart version. This is only placeholder that will be set during release process
-version: 0.3.9
+version: 0.3.10
 
 # This is the version number of the application being deployed. This is only placeholder that
 # will be set during release process.
-appVersion: v23.2.2
+appVersion: v23.2.4
 
 home: https://vectorized.io
 sources: