Quota client image

Author: sionsmith

stable/quotas/client/demo-topic.yaml

@@ -6,6 +6,4 @@ spec:
   replicas: 3
   partitionCount: 4
   configs:
-    cleanup.policy: "delete"
-  kafkaRestClassRef:
-    name: production-kafka-rest
+    cleanup.policy: "delete"

stable/quotas/client/kustomization.yaml

@@ -0,0 +1,4 @@
+namespace: sandbox
+resources:
+- demo-topic.yaml
+- quota-manager.yaml

stable/quotas/client/quota-manager.yaml

@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: quota-manager
+  namespace: sandbox
+spec:
+  serviceName: quota-manager
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  selector:
+    matchLabels:
+      app: quota-manager
+  template:
+    metadata:
+      labels:
+        app: quota-manager
+    spec:
+      containers:
+        - name: quota-manager
+          image: sandbox-kafka-client:latest
+          imagePullPolicy: Never
+          command:
+            - /tmp/quotas/apply-quotas-script.sh
+          resources:
+            requests:
+              memory: 512Mi # 768Mi
+              cpu: 500m # 1000m
+          volumeMounts:
+            - mountPath: /tmp/quotas
+              name: apply-quotas-script
+            - mountPath: /mnt/sslcerts
+              name: sslcerts
+      volumes:
+        - name: apply-quotas-script
+          configMap:
+            defaultMode: 0777
+            name: apply-quotas-script
+        - name: sslcerts
+          secret:
+            secretName: kafka-generated-jks
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: quota-manager
+  namespace: sandbox
+spec:
+  clusterIP: None
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: apply-quotas-script
+data:
+  apply-quotas-script.sh: |-
+    #!/bin/bash
+    populate_properties() {
+    tee -a /tmp/command.properties <<EOF
+    security.protocol=SSL
+    ssl.truststore.location=/mnt/sslcerts/truststore.jks
+    ssl.truststore.password=mystorepassword
+    ssl.keystore.location=/mnt/sslcerts/keystore.jks
+    ssl.keystore.password=mystorepassword
+    EOF
+    }
+    populate_properties
+
+    kafka-configs \
+      --bootstrap-server kafka:9071 \
+      --alter \
+      --entity-type users \
+      --entity-name quota \
+      --command-config /tmp/command.properties \
+      --add-config 'producer_byte_rate=10240,consumer_byte_rate=20480' 

stable/quotas/confluent/kafka.yaml

@@ -0,0 +1,14 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+  name: kafka
+spec:
+  configOverrides:
+    server:
+      - confluent.schema.registry.url=https://schemaregistry:8081
+      - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler
+      - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer
+      - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT
+      - password.encoder.secret="foobar"

stable/quotas/kustomization.yaml

@@ -3,13 +3,7 @@ kind: Kustomization
 namespace: sandbox
 resources:
 - namespace.yaml
-- ../../base/cfk-components/confluent-no-auth-tls
-- ./schema-config.yaml
-- ./schema.yaml
-
-configMapGenerator:
-  - name: oso-schema-config
-    files:
-      - schema=new_customer.avsc
-    options:
-      disableNameSuffixHash: true
+- ../../base/cfk-components/confluent-rbac
+- client
+patchesStrategicMerge:
+  - confluent/kafka.yaml