fix bugs

Author: caiq1nyu

addons-cluster/kafka/templates/_helpers.tpl

@@ -93,6 +93,8 @@ kafka2-external-zk
 {{- define "kafka-cluster.brokerCommonEnv" -}}
 - name: KB_CLUSTER_VERSION
   value: "{{ .Values.version }}"
+- name: KB_CLUSTER_WITH_ZK
+  value: "{{- if hasPrefix "withZookeeper" .Values.mode }}true{{- else }}false{{- end }}"
 {{/*
 will deprecated:
 - KB_KAFKA_ENABLE_SASL

addons-cluster/kafka/templates/account-secret.yaml

@@ -1,4 +1,4 @@
-{{- if and (.Values.sasl.enable) (eq .Values.sasl.useKBBuildInSasl "true") }}
+{{- if and (.Values.sasl.enable) .Values.sasl.useKBBuildInSasl }}
 apiVersion: v1
 kind: Secret
 metadata:

addons-cluster/kafka/values.yaml

@@ -1,6 +1,6 @@
 ## @param version Kafka cluster version
 ##
-version: 3.3.2
+version: 3.9.0
 
 ## @param mode for Kafka cluster mode, 'combined' is combined Kafka controller (KRaft) and broker,
 ## 'separated' is a Kafka KRaft and Kafka broker cluster.

addons/kafka/scripts/common.sh

@@ -66,19 +66,16 @@ build_server_jaas_config() {
     if [ "$(is_sasl_build_in_enabled)" == "true" ]; then
         # build-in only support plain yet
         login_module="org.apache.kafka.common.security.plain.PlainLoginModule required"
-        # encode password
-        admin_password=$(build_encode_password "${admin_password}")
-        client_password=$(build_encode_password "${client_password}")
     fi
 
     cat << EOF > /opt/bitnami/kafka/config/kafka_jaas.conf
 KafkaServer {
-  ${login_module}"
+  ${login_module}
   username="$KAFKA_ADMIN_USER"
   password="$admin_password";
 };
 KafkaClient {
-  ${login_module}"
+  ${login_module}
   username="$KAFKA_CLIENT_USER"
   password="$client_password";
 };
@@ -114,6 +111,30 @@ build_if_build_in_enabled() {
         return 1
     fi
 
-    export KAFKA_CFG_LISTENER_NAME_SASL_SSL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${jar_path}
-    echo "[sasl]export KAFKA_CFG_LISTENER_NAME_SASL_SSL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${KAFKA_CFG_LISTENER_NAME_SASL_SSL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS}"
+    export KAFKA_CFG_LISTENER_NAME_CLIENT_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${jar_path}
+    echo "[sasl]export KAFKA_CFG_LISTENER_NAME_CLIENT_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${KAFKA_CFG_LISTENER_NAME_CLIENT_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS}"
+    
+    export KAFKA_CFG_LISTENER_NAME_INTERNAL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${jar_path}
+    echo "[sasl]export KAFKA_CFG_LISTENER_NAME_INTERNAL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS=${KAFKA_CFG_LISTENER_NAME_INTERNAL_PLAIN_SASL_SERVER_CALLBACK_HANDLER_CLASS}"
+}
+
+get_client_default_mechanism() {
+    isZkOrNot="$1"
+    if [[ "$(is_sasl_enabled)" == "false" ]]; then
+        echo ""
+        return 0
+    fi
+    if [[ -n "$KB_KAFKA_SASL_MECHANISMS" ]]; then
+        if [[ "$KB_KAFKA_SASL_MECHANISMS" == *,* ]]; then
+            echo "${KB_KAFKA_SASL_MECHANISMS%%,*}"
+        else
+            echo "$KB_KAFKA_SASL_MECHANISMS"
+        fi
+        return 0
+    fi
+    if [[ "${isZkOrNot}" == "true" ]] && [[ "${KB_KAFKA_ENABLE_SASL_SCRAM}" == "true" ]]; then
+        echo "SCRAM-SHA-512"
+        return 0
+    fi
+    echo "PLAIN"
 }

addons/kafka/scripts/kafka-exporter-setup.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+set -e
 
 # shellcheck disable=SC2034
 ut_mode="false"
@@ -45,10 +46,12 @@ get_start_kafka_exporter_cmd() {
   fi
 
   saslArgs=""
-  if [[ $KB_KAFKA_ENABLE_SASL_SCRAM == "true" ]]; then
+  if [[ "$(is_sasl_enabled)" == true ]]; then 
     echo "sasl is enabled, setting sasl args" >&2
-    saslArgs="--sasl.enabled --sasl.mechanism=scram-sha512 --sasl.username=$KAFKA_ADMIN_USER --sasl.password=$KAFKA_ADMIN_PASSWORD"
-  fi
+    local default_mechanism=$(get_client_default_mechanism ${KB_CLUSTER_WITH_ZK:-false})
+    echo "sasl mechanism from config: $default_mechanism"
+    saslArgs=$(get_kafka_exporter_sasl_args_by_mechanism "$default_mechanism")
+  fi 
 
   if [[ -n "$TLS_ENABLED" ]]; then
     echo "TLS_ENABLED is set to true, start kafka_exporter with tls enabled." >&2
@@ -60,6 +63,26 @@ get_start_kafka_exporter_cmd() {
   return 0
 }
 
+get_kafka_exporter_sasl_args_by_mechanism() {
+  local mechanism="$1"
+  case "$mechanism" in
+    "scram-sha512")
+      echo "--sasl.enabled --sasl.mechanism=scram-sha512 --sasl.username=$KAFKA_ADMIN_USER --sasl.password=$KAFKA_ADMIN_PASSWORD"
+      ;;
+    "scram-sha256")
+      echo "--sasl.enabled --sasl.mechanism=scram-sha256 --sasl.username=$KAFKA_ADMIN_USER --sasl.password=$KAFKA_ADMIN_PASSWORD"
+      ;;
+    "plain")
+      echo "--sasl.enabled --sasl.mechanism=plain --sasl.username=$KAFKA_ADMIN_USER --sasl.password=$KAFKA_ADMIN_PASSWORD"
+      ;;
+    *)
+      echo "invalid or not supported sasl mechanism: $mechanism" >&2
+      return 1
+      ;;
+  esac
+}
+
+
 start_kafka_exporter() {
   local cmd
   cmd=$(get_start_kafka_exporter_cmd)

addons/kafka/templates/cmpd-combine.yaml

@@ -90,15 +90,6 @@ spec:
           enabled: Optional
   ## serial is not used because rsm currently does not support kafka's role detection. The lack of role label during restart will affect the pod restart.
   updateStrategy: BestEffortParallel
-  volumes:
-    - name: data
-      needSnapshot: true
-    - name: metadata
-      needSnapshot: true
-    {{- if .Values.customVolume.enabled }}
-    - name: {{ .Values.customVolume.name | default "custom-volume" }}
-      needSnapshot: {{ .Values.customVolume.needSnapshot | default false }}
-    {{- end }}
   configs:
     - name: kafka-configuration-tpl
       template: {{ include "kafka.configurationTplName" . }}
@@ -134,7 +125,7 @@ spec:
       {{- toYaml .Values.securityContext | nindent 6 }}
     {{- end }}
     initContainers:
-      - name: kafkatools
+      - name: kafkatool
         imagePullPolicy: {{ default "IfNotPresent" .Values.images.pullPolicy }}
         command:
           - sh
@@ -253,10 +244,6 @@ spec:
             mountPath: /shared-tools
           - name: accounts
             mountPath: /accounts/accounts-mount  
-          {{- if .Values.customVolume.enabled }}
-          - name: {{ .Values.customVolume.name | default "custom-volume" }}
-            mountPath: {{ .Values.customVolume.mountPath | default "/custom" }}
-          {{- end }}
           {{- with .Values.extraVolumeMounts.kafka }}
           {{- toYaml . | nindent 10}}
           {{- end }}

addons/kafka/templates/cmpv-broker.yaml

@@ -28,7 +28,7 @@ spec:
       images:
         kafka: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafka.repository }}:{{ .tag }}
         jmx-exporter: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.jmxExporter.repository }}:{{ $.Values.images.jmxExporter.tag }}
-        kafkatools: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafkatools.repository }}:{{ $.Values.images.kafkatools.tag }}
+        kafkatool: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafkatool.repository }}:{{ $.Values.images.kafkatool.tag }}
         {{- if eq $key "v2" }}
         accountProvision: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafka.repository }}:{{ .tag }}
         {{- end }}

addons/kafka/templates/cmpv-combine.yaml

@@ -21,5 +21,5 @@ spec:
       images:
         kafka: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafka.repository }}:{{ .tag }}
         jmx-exporter: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.jmxExporter.repository }}:{{ $.Values.images.jmxExporter.tag }}
-        kafkatools: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafkatools.repository }}:{{ $.Values.images.kafkatools.tag }}
+        kafkatool: {{ $.Values.images.registry | default "docker.io" }}/{{ $.Values.images.kafkatool.repository }}:{{ $.Values.images.kafkatool.tag }}
   {{- end }}

addons/kafka/values.yaml

@@ -41,8 +41,8 @@ images:
   jmxExporter:
     repository: apecloud/jmx-exporter
     tag: 0.18.0-debian-11-r20
-  kafkatools:
-    repository: apecloud/kafkatools
+  kafkatool:
+    repository: apecloud/kafkatool
     tag: 0.1.0
 
 ## @param define default serviceVersion of each Component