-
Notifications
You must be signed in to change notification settings - Fork 580
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable per kafka listener sasl #6940
Merged
RafalKorepta
merged 29 commits into
redpanda-data:dev
from
RafalKorepta:rk/gh-1959/enable-per-kafka-listener-sasl
Oct 31, 2022
Merged
Changes from 1 commit
Commits
Show all changes
29 commits
Select commit
Hold shift + click to select a range
4cb25bc
k8s: Update Makefile targets
be3b90f
k8s: Extend Kafka authorization method
24a2231
k8s: Add authorized method webhook with test
c206592
k8s: Generate CRD definition
b519d6f
k8s: Replace deprecated reference on enable_sasl with function
01d76db
k8s: Implement new authorization configuration options
bef9d62
k8s: Create feature gate for new SASL per listener feature
159b717
k8s: Extend PandaProxy authorization method
4e60cb7
k8s: Generate CRD definition after adding pp authentication method
d4bc3c8
k8s: Extend schema registry authorization method
3739a2c
k8s: Generate CRD definition after adding sr authentication method
10c1068
rpk: Change pandaproxy configuration options
bc9f5fa
rpk: Change schema registry configuration options
6dcfcb3
k8s: Add authorization method in panda proxy configuration
ffdc589
k8s: Add authorization method in schema registry configuration
5f9c534
k8s: Change SASL configuration in pp e2e test
6e1dd34
k8s: Run gofmpt against operator code base
9ad0859
k8s: Clean console controller tests
18e0a5c
k8s: Bump kuttle test version
2831119
k8s: Load redpanda container in kindContainers
daee21f
k8s: Use configurator from source code
8cd9034
k8s: Add schema registry e2e tests using http basic authenticationMethod
1c150d3
k8s: Remove crlfmt formatter
e4d0bc2
k8s: Create more traces for console configuration changes
3afabea
k8s: Bump certificate manager verification timeout
f8ecfd2
k8s: Change decommission deployment of operator
b866556
k8s: Change update configuration image test
962cd27
k8s: Add update secret verb to cluster role
b65e9a1
k8s: Add delete config map verb to cluster role
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
15 changes: 15 additions & 0 deletions
15
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/00-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
name: schema-registry | ||
status: | ||
readyReplicas: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
30 changes: 30 additions & 0 deletions
30
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/00-redpanda-cluster.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
apiVersion: redpanda.vectorized.io/v1alpha1 | ||
kind: Cluster | ||
metadata: | ||
name: schema-registry | ||
spec: | ||
image: "localhost/redpanda" | ||
version: "dev" | ||
replicas: 1 | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
limits: | ||
cpu: 1 | ||
memory: 100Mi | ||
kafkaEnableAuthorization: true | ||
configuration: | ||
rpcServer: | ||
port: 33145 | ||
kafkaApi: | ||
- port: 9092 | ||
authenticationMethod: sasl | ||
tls: | ||
enabled: true | ||
adminApi: | ||
- port: 9644 | ||
schemaRegistry: | ||
port: 8081 | ||
authenticationMethod: http_basic | ||
developerMode: true |
18 changes: 18 additions & 0 deletions
18
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/01-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: create-schema | ||
status: | ||
conditions: | ||
- status: "True" | ||
type: Complete | ||
succeeded: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
38 changes: 38 additions & 0 deletions
38
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/01-create-schema.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: create-schema | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: rpk | ||
image: localhost/redpanda:dev | ||
env: | ||
- name: SCRAM_USERNAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: username | ||
- name: SCRAM_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: password | ||
command: | ||
- curl | ||
args: | ||
- --silent | ||
- -X | ||
- POST | ||
- -H | ||
- "Content-Type: application/vnd.schemaregistry.v1+json" | ||
- -u | ||
- "$SCRAM_USERNAME:$SCRAM_PASSWORD" | ||
- --data | ||
- '{"schema": "{\"type\": \"string\"}" }' | ||
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions | ||
restartPolicy: Never | ||
backoffLimit: 6 | ||
parallelism: 1 | ||
completions: 1 |
18 changes: 18 additions & 0 deletions
18
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/02-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: retrive-schema | ||
status: | ||
conditions: | ||
- status: "True" | ||
type: Complete | ||
succeeded: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
34 changes: 34 additions & 0 deletions
34
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/02-retrieve-schema.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: retrive-schema | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: rpk | ||
image: localhost/redpanda:dev | ||
env: | ||
- name: SCRAM_USERNAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: username | ||
- name: SCRAM_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: password | ||
command: | ||
- curl | ||
args: | ||
- --silent | ||
- -X | ||
- GET | ||
- -u | ||
- "$SCRAM_USERNAME:$SCRAM_PASSWORD" | ||
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions/1 | ||
restartPolicy: Never | ||
backoffLimit: 6 | ||
parallelism: 1 | ||
completions: 1 |
18 changes: 18 additions & 0 deletions
18
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/03-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: delete-schema | ||
status: | ||
conditions: | ||
- status: "True" | ||
type: Complete | ||
succeeded: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
34 changes: 34 additions & 0 deletions
34
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/03-delete-schema.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: delete-schema | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: rpk | ||
image: localhost/redpanda:dev | ||
env: | ||
- name: SCRAM_USERNAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: username | ||
- name: SCRAM_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: password | ||
command: | ||
- curl | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same, should check http code |
||
args: | ||
- --silent | ||
- -X | ||
- DELETE | ||
- -u | ||
- "$SCRAM_USERNAME:$SCRAM_PASSWORD" | ||
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions/1 | ||
restartPolicy: Never | ||
backoffLimit: 6 | ||
parallelism: 1 | ||
completions: 1 |
11 changes: 11 additions & 0 deletions
11
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/04-add-node-tls.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: redpanda.vectorized.io/v1alpha1 | ||
kind: Cluster | ||
metadata: | ||
name: schema-registry | ||
spec: | ||
configuration: | ||
schemaRegistry: | ||
port: 8081 | ||
authenticationMethod: http_basic | ||
tls: | ||
enabled: true |
53 changes: 53 additions & 0 deletions
53
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/04-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
name: schema-registry-schema-registry-selfsigned-issuer | ||
status: | ||
conditions: | ||
- reason: IsReady | ||
status: "True" | ||
type: Ready | ||
|
||
--- | ||
|
||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
name: schema-registry-schema-registry-root-issuer | ||
status: | ||
conditions: | ||
- reason: KeyPairVerified | ||
status: "True" | ||
type: Ready | ||
--- | ||
|
||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: schema-registry-schema-registry-root-certificate | ||
status: | ||
conditions: | ||
- reason: Ready | ||
status: "True" | ||
type: Ready | ||
|
||
--- | ||
|
||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: schema-registry-schema-registry-node | ||
status: | ||
conditions: | ||
- reason: Ready | ||
status: "True" | ||
type: Ready | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
18 changes: 18 additions & 0 deletions
18
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/05-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: create-schema-with-tls | ||
status: | ||
conditions: | ||
- status: "True" | ||
type: Complete | ||
succeeded: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
47 changes: 47 additions & 0 deletions
47
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/05-create-schema-with-tls.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: create-schema-with-tls | ||
spec: | ||
template: | ||
spec: | ||
volumes: | ||
- name: tlscert | ||
secret: | ||
defaultMode: 420 | ||
secretName: schema-registry-schema-registry-node | ||
containers: | ||
- name: rpk | ||
image: localhost/redpanda:dev | ||
env: | ||
- name: POD_NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
- name: SCRAM_USERNAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: username | ||
- name: SCRAM_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: schema-registry-schema-registry-sasl | ||
key: password | ||
command: | ||
- /bin/bash | ||
- -c | ||
args: | ||
- > | ||
curl -vv --silent --cacert /etc/tls/certs/schema-registry/ca.crt | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same, should check http code |
||
-u "$SCRAM_USERNAME:$SCRAM_PASSWORD" | ||
-X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" | ||
--data '{"schema": "{\"type\": \"string\"}" }' | ||
https://schema-registry-cluster.$POD_NAMESPACE.svc.cluster.local.:8081/subjects/Kafka-value/versions | ||
volumeMounts: | ||
- mountPath: /etc/tls/certs/schema-registry | ||
name: tlscert | ||
restartPolicy: Never | ||
backoffLimit: 6 | ||
parallelism: 1 | ||
completions: 1 |
18 changes: 18 additions & 0 deletions
18
src/go/k8s/tests/e2e/redpanda-schema-registry-sasl/06-assert.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: retrieve-schema-with-tls | ||
status: | ||
conditions: | ||
- status: "True" | ||
type: Complete | ||
succeeded: 1 | ||
|
||
--- | ||
|
||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestAssert | ||
collectors: | ||
- type: pod | ||
selector: app.kubernetes.io/name=redpanda | ||
tail: -1 |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately
curl
does not fail if the status code is not 2xx, you may need to check it manually