Merge branch 'quotas' into schema-linking

mccullya · mccullya · commit 749c4d35e5a5 · 2022-06-13T16:20:42.000+01:00
diff --git a/stable/quotas/confluent/kafka.yaml b/stable/quotas/confluent/kafka.yaml
@@ -0,0 +1,19 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+  name: kafka
+spec:
+  configOverrides:
+    server:
+      - confluent.schema.registry.url=https://schemaregistry:8081
+      - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer
+      - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT
+      - quota.consumer.default = 1024
+      - quota.producer.default = 1024
+      - quota.window.num = 11
+      - quota.window.size.seconds = 1
+
+
diff --git a/stable/quotas/docker/Dockerfile b/stable/quotas/docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM confluentinc/cp-kafka:latest
+USER root
+RUN yum install -y jq vim vi
+RUN curl -L -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/`curl -s https://api.github.com/repos/mikefarah/yq/releases/latest | jq .tag_name | sed 's/"//g'`/yq_linux_amd64
+RUN  chmod +x /usr/local/bin/yq
+USER appuser
diff --git a/stable/quotas/docker/build-inside.sh b/stable/quotas/docker/build-inside.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+eval $(minikube docker-env)
+docker build -t quota-manager .
diff --git a/stable/quotas/kustomization.yaml b/stable/quotas/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: sandbox
+resources:
+- namespace.yaml
+- ../../base/cfk-components/confluent-rbac
+- quota-manager
+patchesStrategicMerge:
+  - confluent/kafka.yaml
diff --git a/stable/quotas/namespace.yaml b/stable/quotas/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sandbox
diff --git a/stable/quotas/quota-manager/default/apply-quotas-script.sh b/stable/quotas/quota-manager/default/apply-quotas-script.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+quota_definition="/tmp/quota-definition/quotas.yaml"
+for i in $(yq '.platform.quotas | keys' < $quota_definition); do
+  principal="${i:0}"
+  if [[ "$principal" != "-" ]]; then
+    producer_byte_rate=$(yq ".platform.quotas.$principal.producer_byte_rate" < $quota_definition)
+    consumer_byte_rate=$(yq ".platform.quotas.$principal.consumer_byte_rate" < $quota_definition)
+    request_percentage=$(yq ".platform.quotas.$principal.request_percentage" < $quota_definition)
+    config_string=""
+    if [[ "$producer_byte_rate" != "null" ]]; then
+      config_string="$config_string producer_byte_rate=$producer_byte_rate,"
+    fi
+    if [[ "$consumer_byte_rate" != "null" ]]; then
+      config_string="$config_string consumer_byte_rate=$consumer_byte_rate,"
+    fi
+    if [[ "$request_percentage" != "null" ]]; then
+      config_string="$config_string request_percentage=$request_percentage,"
+    fi
+    # Removes white space and the last trailing comma
+    config=$(echo $config_string | tr -d " \t\n\r" | rev | cut -c 2- | rev)
+    echo $config
+    set -x
+    if [[ "$principal" == "global" ]]; then
+      kafka-configs \
+      --bootstrap-server kafka:9071 \
+      --alter \
+      --entity-type users \
+      --entity-default \
+      --command-config /tmp/config-properties/kafka.properties \
+      --add-config "$config"
+    else
+      kafka-configs \
+      --bootstrap-server kafka:9071 \
+      --alter \
+      --entity-type users \
+      --entity-name $principal \
+      --command-config /tmp/config-properties/kafka.properties \
+      --add-config "$config"
+    fi
+    set +x
+  fi
+done
+
diff --git a/stable/quotas/quota-manager/default/kafka.properties b/stable/quotas/quota-manager/default/kafka.properties
@@ -0,0 +1,6 @@
+bootstrap.servers=kafka:9071
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username=kafka password=kafka-secret;
+sasl.mechanism=PLAIN
+security.protocol=SASL_SSL
+ssl.truststore.location=/mnt/sslcerts/truststore.jks
+ssl.truststore.password=mystorepassword
diff --git a/stable/quotas/quota-manager/default/quotas.yaml b/stable/quotas/quota-manager/default/quotas.yaml
@@ -0,0 +1,16 @@
+---
+platform:
+  quotas:
+    global:
+      producer_byte_rate: 1024
+      consumer_byte_rate: 1024
+      request_percentage: 50.0
+    app-0:
+      producer_byte_rate: 4096
+      consumer_byte_rate: 2048
+      request_percentage: 50.0
+    app-2:
+      producer_byte_rate: 2048
+      consumer_byte_rate: 2048
+    app-3:
+      request_percentage: 80.0
diff --git a/stable/quotas/quota-manager/kustomization.yaml b/stable/quotas/quota-manager/kustomization.yaml
@@ -0,0 +1,15 @@
+namespace: sandbox
+resources:
+- quota-manager.yaml
+configMapGenerator:
+- name: oso-quota-example
+  files:
+  - ./default/quotas.yaml
+- name: config-properties
+  files:
+  - ./default/kafka.properties
+- name: apply-quota-script
+  files:
+  - ./default/apply-quotas-script.sh
+generatorOptions:
+  disableNameSuffixHash: true
diff --git a/stable/quotas/quota-manager/quota-manager.yaml b/stable/quotas/quota-manager/quota-manager.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: quota-manager
+  namespace: sandbox
+spec:
+
+  template:
+    metadata:
+      labels:
+        app: quota-manager
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: quota-manager
+          image: quota-manager:latest
+          imagePullPolicy: Never
+          command:
+            - /tmp/quotas/apply-quotas-script.sh
+#            - "sleep"
+#            - "10000000"
+
+          resources:
+            requests:
+              memory: 512Mi # 768Mi
+              cpu: 500m # 1000m
+          volumeMounts:
+            - mountPath: /tmp/quotas
+              name: apply-quota-script
+            - mountPath: /tmp/quota-definition
+              name: oso-quota-example
+            - mountPath: /tmp/config-properties
+              name: config-properties
+            - mountPath: /mnt/sslcerts
+              name: sslcerts
+      volumes:
+        - name: config-properties
+          configMap:
+            defaultMode: 0777
+            name: config-properties
+        - name: oso-quota-example
+          configMap:
+            defaultMode: 0777
+            name: oso-quota-example
+        - name: apply-quota-script
+          configMap:
+            defaultMode: 0777
+            name: apply-quota-script
+        - name: sslcerts
+          secret:
+            secretName: kafka-generated-jks

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/bash`
	`2`	`+eval $(minikube docker-env)`
	`3`	`+docker build -t quota-manager .`