diff --git a/example/rocketmq_v1alpha1_broker_cr.yaml b/example/rocketmq_v1alpha1_broker_cr.yaml index e3d9bd3e..64e0b853 100644 --- a/example/rocketmq_v1alpha1_broker_cr.yaml +++ b/example/rocketmq_v1alpha1_broker_cr.yaml @@ -26,6 +26,24 @@ data: flushDiskType=ASYNC_FLUSH # set brokerRole to ASYNC_MASTER or SYNC_MASTER. DO NOT set to SLAVE because the replica instance will automatically be set!!! brokerRole=ASYNC_MASTER + # set aclEnable to true to enable ACL, and set plain_acl.yml to configure ACL + aclEnable=false + + plain_acl.yml: | + globalWhiteRemoteAddresses: + accounts: + - accessKey: RocketMQ + secretKey: 12345678 + whiteRemoteAddress: + admin: false + defaultTopicPerm: DENY + defaultGroupPerm: SUB + topicPerms: + - TopicTest=PUB + groupPerms: + # the group should convert to retry topic + - oms_consumer_group=DENY + --- apiVersion: rocketmq.apache.org/v1alpha1 @@ -75,6 +93,13 @@ spec: items: - key: broker-common.conf path: broker-common.conf + # uncomment the following to enable ACL +# - name: plain-acl +# configMap: +# name: broker-config +# items: +# - key: plain_acl.yml +# path: plain_acl.yml # volumeClaimTemplates defines the storageClass volumeClaimTemplates: - metadata: diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 653b3d7a..2240e381 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -52,6 +52,10 @@ const ( // BrokerConfigName is the name of mounted configuration file BrokerConfigName = "broker-common.conf" + BrokerPlainAclConfigName = "plain_acl.yml" + + BrokerPlainAclConfigPath = DataPath + "/rocketmq/broker/conf" + // UpdateBrokerConfig is update broker config command UpdateBrokerConfig = "updateBrokerConfig" diff --git a/pkg/controller/broker/broker_controller.go b/pkg/controller/broker/broker_controller.go index 86d2b8a1..50c16310 100644 --- a/pkg/controller/broker/broker_controller.go +++ b/pkg/controller/broker/broker_controller.go 
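Review bot: The sample `plain_acl.yml` carries a fixed credential pair, `accessKey: RocketMQ` / `secretKey: 12345678`, so anyone who copies the example and only flips `aclEnable` to `true` runs a broker guarded by a key published in this repository. A comment above `accounts:` such as `# example credentials only: replace accessKey and secretKey before setting aclEnable=true` would make that explicit. The file also lives in the `broker-config` ConfigMap, which any subject with get/list on ConfigMaps in the namespace can read, and which Secret-specific RBAC and encryption-at-rest settings do not cover. Since the controller appears to match the volume only by name, the commented-out `plain-acl` volume in the second hunk could presumably be backed by `secret:` instead of `configMap:`; this is worth confirming and documenting in the example.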
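Review bot: `BrokerPlainAclConfigName` and `BrokerPlainAclConfigPath` are exported without doc comments, while the neighbouring `BrokerConfigName` and `UpdateBrokerConfig` each carry one. Suggested: `// BrokerPlainAclConfigName is the file name of the mounted ACL configuration` and `// BrokerPlainAclConfigPath is the directory the ACL configuration file is mounted into`. The volume name `"plain-acl"` that the controller compares against would also fit here as a named constant, rather than a string literal in `getVolumeMounts`. The const block starts and ends outside the hunk.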
@@ -484,19 +484,7 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker,
 ContainerPort: cons.BrokerHighAvailabilityContainerPort,
 Name: cons.BrokerHighAvailabilityContainerPortName,
 }},
- VolumeMounts: []corev1.VolumeMount{{
- MountPath: cons.LogMountPath,
- Name: broker.Spec.VolumeClaimTemplates[0].Name,
- SubPath: cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
- }, {
- MountPath: cons.StoreMountPath,
- Name: broker.Spec.VolumeClaimTemplates[0].Name,
- SubPath: cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
- }, {
- MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName,
- Name: broker.Spec.Volumes[0].Name,
- SubPath: cons.BrokerConfigName,
- }},
+ VolumeMounts: getVolumeMounts(broker, brokerGroupIndex, replicaIndex),
 }},
 Volumes: getVolumes(broker),
 SecurityContext: getPodSecurityContext(broker),
@@ -512,6 +500,30 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker, } +func getVolumeMounts(broker *rocketmqv1alpha1.Broker, brokerGroupIndex int, replicaIndex int) []corev1.VolumeMount { + mounts := []corev1.VolumeMount{{ + MountPath: cons.LogMountPath, + Name: broker.Spec.VolumeClaimTemplates[0].Name, + SubPath: cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex), + }, { + MountPath: cons.StoreMountPath, + Name: broker.Spec.VolumeClaimTemplates[0].Name, + SubPath: cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex), + }, { + MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName, + Name: broker.Spec.Volumes[0].Name, + SubPath: cons.BrokerConfigName, + }} + if len(broker.Spec.Volumes) > 1 && broker.Spec.Volumes[1].Name == "plain-acl" { + mounts = append(mounts, corev1.VolumeMount{ + MountPath: cons.BrokerPlainAclConfigPath + "/" + cons.BrokerPlainAclConfigName, + Name: broker.Spec.Volumes[1].Name, + SubPath: cons.BrokerPlainAclConfigName, + }) + } + return mounts +} + func getENV(broker *rocketmqv1alpha1.Broker, replicaIndex int, brokerGroupIndex int) []corev1.EnvVar { envs := []corev1.EnvVar{{ Name: cons.EnvNameServiceAddress,
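Review bot: The ACL mount in `getVolumeMounts` is keyed on position, `broker.Spec.Volumes[1].Name == "plain-acl"`, so a CR that lists another volume second or names the volume differently gets no `plain_acl.yml` mount and no error, even with `aclEnable=true` in `broker-common.conf`. The broker would then presumably start with whatever ACL file the image itself provides, which should be confirmed. Matching the volume by name anywhere in `spec.volumes`, as in the excerpt below, removes the ordering dependency. The helper also still indexes `VolumeClaimTemplates[0]` and `Volumes[0]` without a length check, as the inline code it replaces did. Because the file is mounted through `SubPath`, later edits to the ConfigMap are not propagated into a running pod, so rotating a key or removing an account needs a pod restart; a comment on the mount should say so.

```go
	// … unchanged: log, store and broker-common.conf mounts …

	// Find the ACL volume by name so its position in spec.volumes does not matter.
	for _, v := range broker.Spec.Volumes {
		if v.Name != "plain-acl" {
			continue
		}
		// SubPath mounts do not pick up ConfigMap updates; ACL changes need a pod restart.
		mounts = append(mounts, corev1.VolumeMount{
			MountPath: cons.BrokerPlainAclConfigPath + "/" + cons.BrokerPlainAclConfigName,
			Name:      v.Name,
			SubPath:   cons.BrokerPlainAclConfigName,
		})
		break
	}
	return mounts
```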