Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable per kafka listener sasl #6940

Merged
merged 29 commits into from
Oct 31, 2022
Merged

Enable per kafka listener sasl #6940

merged 29 commits into from
Oct 31, 2022

Commits on Oct 30, 2022

  1. k8s: Update Makefile targets 

    New kubebuilder (version 3.7.0) updated how dependnecies (clis) are downloaded.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    4cb25bc View commit details
    Browse the repository at this point in the history

  2. k8s: Extend Kafka authorization method 

    With changes to authorization configuration options the CRD is updated.

REF:
redpanda-data#5292
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    be3b90f View commit details
    Browse the repository at this point in the history

  3. k8s: Add authorized method webhook with test

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    24a2231 View commit details
    Browse the repository at this point in the history

  4. k8s: Generate CRD definition

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    c206592 View commit details
    Browse the repository at this point in the history

  5. k8s: Replace deprecated reference on enable_sasl with function

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    b519d6f View commit details
    Browse the repository at this point in the history

  6. k8s: Implement new authorization configuration options 

    From 22.2.1 configuration can set per kafka listener.

REF:
https://github.com/redpanda-data/redpanda/releases/tag/v22.2.1
redpanda-data#5292
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    01d76db View commit details
    Browse the repository at this point in the history

  7. k8s: Create feature gate for new SASL per listener feature

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    bef9d62 View commit details
    Browse the repository at this point in the history

  8. k8s: Extend PandaProxy authorization method 

    With changes to authorization configuration options the CRD is updated.

REF:
redpanda-data#6452
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    159b717 View commit details
    Browse the repository at this point in the history

  9. k8s: Generate CRD definition after adding pp authentication method

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    4e60cb7 View commit details
    Browse the repository at this point in the history

  10. k8s: Extend schema registry authorization method 

    With changes to authorization configuration options the CRD is updated.

REF:
redpanda-data#6639
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    d4bc3c8 View commit details
    Browse the repository at this point in the history

  11. k8s: Generate CRD definition after adding sr authentication method

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    3739a2c View commit details
    Browse the repository at this point in the history

  12. rpk: Change pandaproxy configuration options 

    The authentication_method is now available in pandaproxy.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    10c1068 View commit details
    Browse the repository at this point in the history

  13. rpk: Change schema registry configuration options 

    The authentication_method is now available in schema registry.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    bc9f5fa View commit details
    Browse the repository at this point in the history

  14. k8s: Add authorization method in panda proxy configuration

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    6dcfcb3 View commit details
    Browse the repository at this point in the history

  15. k8s: Add authorization method in schema registry configuration

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    ffdc589 View commit details
    Browse the repository at this point in the history

  16. k8s: Change SASL configuration in pp e2e test

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    5f9c534 View commit details
    Browse the repository at this point in the history

  17. k8s: Run gofmpt against operator code base

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    6e1dd34 View commit details
    Browse the repository at this point in the history

  18. k8s: Clean console controller tests 

    The ginkgo and gomega tests where asserting too much in one check.
Errors where not clear as there were 4 boolean checks.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    9ad0859 View commit details
    Browse the repository at this point in the history

  19. k8s: Bump kuttle test version

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    18e0a5c View commit details
    Browse the repository at this point in the history

  20. k8s: Load redpanda container in kindContainers

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    2831119 View commit details
    Browse the repository at this point in the history

  21. k8s: Use configurator from source code 

    Previously, the configurator was downloaded from docker hub. Now operator is
creating Redpanda clusters with `localhost/configurator:dev` container.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    daee21f View commit details
    Browse the repository at this point in the history

  22. k8s: Add schema registry e2e tests using http basic authenticationMethod

    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    8cd9034 View commit details
    Browse the repository at this point in the history

  23. k8s: Remove crlfmt formatter 

    The gofumpt is used now.

REF: redpanda-data#4665
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    1c150d3 View commit details
    Browse the repository at this point in the history

  24. k8s: Create more traces for console configuration changes 

    When console configuration or config map metadata should be change, then
tracing that is hard based on only operator logs. This change adds context to
action that are taken in reconciliation function.l
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    e4d0bc2 View commit details
    Browse the repository at this point in the history

  25. k8s: Bump certificate manager verification timeout 

    In not so much good internet connection, waiting 2 minutes for config manager
to became ready is not enough.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    3afabea View commit details
    Browse the repository at this point in the history

  26. k8s: Change decommission deployment of operator 

    When deployment was changed, so that it uses new kustomize overlay, then the
decommission deployment needs to be adjusted as containers where reorder and
bring back the 'good' configuration was not valid anymore.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    f8ecfd2 View commit details
    Browse the repository at this point in the history

  27. k8s: Change update configuration image test 

    As the current e2e test setup is using localhost/configurator:dev container
image definition, the previous step to add configurator tag command argument
was not valid anymore. It was easier to not fight with `kubectl patch` command,
but declare whole operator deployment to correctly set the configurator image.
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    b866556 View commit details
    Browse the repository at this point in the history

  28. k8s: Add update secret verb to cluster role 

    The console secret synchronizer was not able to update schema registry secret
after cert manager updated schema registry secret for Redpanda cluster.

REF:
```
2022-10-30T21:32:49.741Z	ERROR	controller.console	Reconciler error	{"reconciler group": "redpanda.vectorized.io", "reconciler kind": "Console", "name": "console", "namespace": "console", "error": "updating Console synced secret &Secret{ObjectMeta:{console-schema-registry  console   2331 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[app.kubernetes.io/component:console app.kubernetes.io/instance:console app.kubernetes.io/managed-by:redpanda-operator app.kubernetes.io/name:redpanda-console app.kubernetes.io/part-of:redpanda-console test.redpanda.vectorized.io/name:updating-console] map[banzaicloud.com/last-applied:UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAIAAAAb3JpZ2luYWyEkcFO8zAQhN9lz3F+NepPSq5wRwKJC+KwtqetVce27E1RqfLuKNBWpSpws8bf7Oxq9sTJPSMXFwN1tJ1RRRsXLHX0BJMhVFEPYcvC1O3Js4Yv04tTqjeDRg4QlNrFfyb2KQYEoY5MDCV6UHWFc6EIB4M/sJ4Dr2CV3lFHGTZxsKxiQmaJ+aolcI9z+LfxibOouLyOC4rUR73ewkjM7h32LGRIlsWF1ck1VnT4OiiqmDV6VhkrVyTv6AsoiS9uj28B+RFLZASDQt3LRS0/bLKdsU9rnjrTPprNwzTnHh7yaZM8oJpiJEfvkY/Kod+7U/73tamiwU1AaxbNvGla1WozV/NFo5VuWyj9f3FrGTctL1saX8fxIwAA//9QSwcIaDwarhoBAABFAgAAUEsBAhQAFAAIAAgAAAAAAGg8Gq4aAQAARQIAAAgAAAAAAAAAAAAAAAAAAAAAAG9yaWdpbmFsUEsFBgAAAAABAAEANgAAAFABAAAAAA==] [{redpanda.vectorized.io/v1alpha1 Console console 7c824227-7bc4-482b-b77e-b589dae67af7 0xc000db6e01 0xc000db6e00}] []  []},Data:map[string][]byte{},Type:,StringData:map[string]string{},Immutable:nil,}: failed to update resource: secrets \"console-schema-registry\" is forbidden: User \"system:serviceaccount:redpanda-system:default\" cannot update resource \"secrets\" in API group \"\" in the namespace \"console\""}
```
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    962cd27 View commit details
    Browse the repository at this point in the history

  29. k8s: Add delete config map verb to cluster role 

    The console config map is immutable and any change into console resource spec
will increment console resource generation. That will trigger a operator
reconciliation loop which will create new configmap and delete old one if there
will be no errors between k8s api server and operator.

REF:
```
2022-10-30T21:52:05.336Z	ERROR	controller.console	Reconciler error	{"reconciler group": "redpanda.vectorized.io", "reconciler kind": "Console", "name": "console", "namespace": "console", "error": "deleting unused configmaps: configmaps \"console-7wtlg\" is forbidden: User \"system:serviceaccount:redpanda-system:default\" cannot delete resource \"configmaps\" in API group \"\" in the namespace \"console\""}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.7/pkg/internal/controller/controller.go:214
```
    Rafal Korepta committed Oct 30, 2022
    Configuration menu
    Copy the full SHA
    b65e9a1 View commit details
    Browse the repository at this point in the history