#!/bin/bash
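# Preflight: the `kubectl create secret ... --from-file` calls later in this
# script read all three JKS files, so verify each one instead of only the
# Kafka truststore.
for cert_file in \
  ./certs/kafka.truststore.jks \
  ./certs/kafka.keystore.jks \
  ./certs/gateway.keystore.jks; do
  if [[ ! -f "$cert_file" ]]; then
    # Diagnostics go to stderr, and the exit status is non-zero so a caller or
    # CI job sees the failure (a bare `exit` returns the status of the
    # preceding echo, i.e. 0).
    echo "create the keystore files before running this script" >&2
    printf 'missing: %s\n' "$cert_file" >&2
    exit 1
  fi
done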
# Start the local Kubernetes cluster through the `orb` CLI.
orb start k8s

# Namespace shared by Kafka and Gateway; every secret below is created in it.
kubectl create namespace conduktor

########################
# Kubernetes secrets consumed by Kafka
#
# NOTE(review): the passwords are fixed demo values committed with the script,
# and --from-literal places them on the kubectl command line, where they show
# up in the process list and in shell traces. That is acceptable for a
# throwaway local cluster only; for anything shared, load them with --from-file
# or --from-env-file from a path kept out of version control.

# Store passwords for the JKS files. Presumably these must match the passwords
# the files in ./certs were generated with; confirm against the cert script.
kubectl create secret generic keystore-passwords \
  --namespace conduktor \
  --from-literal=keystore-password=conduktor \
  --from-literal=truststore-password=conduktor

# SASL passwords for the client, inter-broker and controller listeners.
# All three share one value, so a leak of any of them exposes the others.
kubectl create secret generic client-passwords \
  --namespace conduktor \
  --from-literal=client-passwords=admin-secret \
  --from-literal=inter-broker-password=admin-secret \
  --from-literal=controller-password=admin-secret

# Kafka's truststore and keystore, stored under the same file names as keys.
kubectl create secret generic kafka-cert \
  --namespace conduktor \
  --from-file=kafka.truststore.jks=./certs/kafka.truststore.jks \
  --from-file=kafka.keystore.jks=./certs/kafka.keystore.jks
########################
# Kubernetes secrets consumed by Gateway
#
# gateway.keystore.jks holds Gateway's own certificate; kafka.truststore.jks is
# the store that trusts the Kafka certificate, so Gateway can verify the broker.
kubectl create secret generic gateway-cert \
  --namespace conduktor \
  --from-file=gateway.keystore.jks=./certs/gateway.keystore.jks \
  --from-file=kafka.truststore.jks=./certs/kafka.truststore.jks

# Environment variables for Gateway: the SASL/PLAIN login it uses towards Kafka
# plus the store and key passwords for its TLS material.
# NOTE(review): the JAAS line embeds the same admin password that the
# client-passwords secret sets for the brokers, and every value here is a
# literal on the command line and in the repository. Treat them as demo-only
# credentials and replace them before reusing this setup outside a local
# cluster.
kubectl create secret generic gateway-env-vars \
  --namespace conduktor \
  --from-literal=KAFKA_SASL_JAAS_CONFIG='org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret";' \
  --from-literal=GATEWAY_SSL_KEY_STORE_PASSWORD=conduktor \
  --from-literal=GATEWAY_SSL_KEY_PASSWORD=conduktor \
  --from-literal=GATEWAY_HTTPS_KEY_STORE_PASSWORD=conduktor \
  --from-literal=KAFKA_SSL_TRUSTSTORE_PASSWORD=conduktor
########################
# Install components
#
# NOTE(review): none of the helm commands below passes --version, so each run
# pulls whatever chart version is current at that moment. Pin each chart with
# --version <CHART_VERSION> if the environment has to be reproducible or the
# chart contents reviewed before use.

# Kafka, from Bitnami's chart in the Docker Hub OCI registry (release "franz").
helm install franz oci://registry-1.docker.io/bitnamicharts/kafka \
  --namespace conduktor \
  --values ./helm/kafka-values.yml

# Register the chart repositories needed for Gateway and the ingress controller.
helm repo add conduktor https://helm.conduktor.io
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# Conduktor Gateway (release "gateway").
helm install gateway conduktor/conduktor-gateway \
  --namespace conduktor \
  --values ./helm/gateway-values.yml

# Ingress controller, installed or upgraded in place. SSL passthrough is
# switched on at the controller so TLS can be forwarded unterminated to the
# backend; presumably ingress.yml opts the Gateway route into it (confirm).
# No --namespace is given, so the release lands in the kubeconfig context's
# current namespace rather than in "conduktor".
helm upgrade ingress-nginx ingress-nginx/ingress-nginx \
  --install \
  --set controller.extraArgs.enable-ssl-passthrough="true"

# Ingress resource that routes traffic to Gateway.
kubectl apply --filename ingress.yml
# Switch the Gateway deployment's startup and liveness probes to HTTPS.
# Each JSON Patch "add" sets httpGet/scheme on the first container of the pod
# template; this assumes the chart already defines httpGet probes there (TODO
# confirm). The kubelet does not verify the certificate on HTTPS probes, so
# this only changes the transport, it does not validate Gateway's cert.
for probe in startupProbe livenessProbe; do
  kubectl patch deployment gateway \
    --namespace conduktor \
    --type=json \
    --patch='[{"op": "add", "path": "/spec/template/spec/containers/0/'"$probe"'/httpGet/scheme", "value":"HTTPS"}]'
done