diff --git a/infrastructure/helm-chart/templates/config/kafka.yaml b/infrastructure/helm-chart/templates/config/kafka.yaml index a00933d800..3e1f6f26ea 100644 --- a/infrastructure/helm-chart/templates/config/kafka.yaml +++ b/infrastructure/helm-chart/templates/config/kafka.yaml @@ -13,3 +13,7 @@ data: {{- end }} KAFKA_SCHEMA_REGISTRY_URL: {{ .Values.config.kafka.schemaRegistryUrl }} KAFKA_COMMIT_INTERVAL_MS: "{{ .Values.config.kafka.commitInterval }}" + KAFKA_SASL_CA: |- + {{ .Values.config.kafka.saslCaCertificate | nindent 4 | trim }} + KAFKA_SASL_USERNAME: {{ .Values.config.kafka.saslUsername }} + KAFKA_SASL_PASSWORD: {{ .Values.config.kafka.saslPassword }} diff --git a/infrastructure/helm-chart/templates/provisioning/job-kafka.yaml b/infrastructure/helm-chart/templates/provisioning/job-kafka.yaml index a6dab65f1a..9a24e8d3e0 100644 --- a/infrastructure/helm-chart/templates/provisioning/job-kafka.yaml +++ b/infrastructure/helm-chart/templates/provisioning/job-kafka.yaml @@ -24,6 +24,9 @@ spec: volumeMounts: - name: kafka-create-topics mountPath: /opt/provisioning + - name: kafka-config + mountPath: /opt/kafka/ca.pem + subPath: KAFKA_SASL_CA initContainers: - name: wait image: "{{ .Values.global.busyboxImage }}" diff --git a/infrastructure/helm-chart/templates/provisioning/kafka-create-topics.yaml b/infrastructure/helm-chart/templates/provisioning/kafka-create-topics.yaml index 29b06636b9..1ca795a783 100644 --- a/infrastructure/helm-chart/templates/provisioning/kafka-create-topics.yaml +++ b/infrastructure/helm-chart/templates/provisioning/kafka-create-topics.yaml @@ -29,6 +29,9 @@ data: REPLICAS=${KAFKA_MINIMUM_REPLICAS:-1} AIRY_CORE_NAMESPACE=${AIRY_CORE_NAMESPACE:-} AUTH_JAAS=${AUTH_JAAS:-} + KAFKA_SASL_USERNAME=${KAFKA_SASL_USERNAME:-} + KAFKA_SASL_PASSWORD=${KAFKA_SASL_PASSWORD:-} + KAFKA_SASL_CA=${KAFKA_SASL_CA:-} if [ -n "${AIRY_CORE_NAMESPACE}" ]; then AIRY_CORE_NAMESPACE="${AIRY_CORE_NAMESPACE}." 
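Review bot: In `templates/config/kafka.yaml`, `KAFKA_SASL_PASSWORD` is rendered into the same `data:` map as the non-secret settings. If this template is a ConfigMap (the Job hunk mounts it as the `kafka-config` volume, which suggests so), the password is readable by anything with ConfigMap read access in the namespace and sits outside any Secret-specific RBAC or encryption the cluster applies; it belongs in a `Secret` consumed via `secretKeyRef`. Separately, the username and password are interpolated unquoted, unlike `KAFKA_COMMIT_INTERVAL_MS` just above, so an empty value renders as null and a value containing ` #` or `: ` is truncated or breaks the manifest; `KAFKA_SASL_PASSWORD: {{ .Values.config.kafka.saslPassword | quote }}` (and the same for the username) avoids that. The `data:` mapping starts outside the hunk, so the object kind is inferred rather than visible.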
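Review bot: In `templates/provisioning/job-kafka.yaml`, the new `kafka-config` volumeMount has no matching `volumes:` entry in this hunk; unless that volume is already declared outside the hunk, the Job will be rejected for referencing an undefined volume. As far as the config hunk shows, `KAFKA_SASL_CA` is rendered unconditionally, so an empty `/opt/kafka/ca.pem` is mounted when no certificate is configured; a comment on the mount such as `# empty file when config.kafka.saslCaCertificate is unset` would save the next reader from chasing that. Note also that a `subPath` mount is not refreshed when the source object changes, which matters if the CA is ever rotated while a pod is running.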
@@ -45,6 +48,18 @@ data: echo "Using jaas authentication for connecting to Kafka" fi + if [ -n "${KAFKA_SASL_CA}" ]; then + cat < /opt/kafka/jaas.config + security.protocol=SASL_SSL + sasl.mechanism=PLAIN + sasl.username=$KAFKA_SASL_USERNAME + sasl.password=$KAFKA_SASL_PASSWORD + sasl.ca.location=/opt/kafka/ca.pem + EOF + CONNECTION_OPTS+=(--command-config /opt/kafka/jaas.config) + echo "Using jaas authentication for connecting to Kafka" + fi + echo "Creating Kafka topics"
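Review bot: The properties written to `/opt/kafka/jaas.config` in the `KAFKA_SASL_CA` branch (`sasl.username`, `sasl.password`, `sasl.ca.location`) are not keys the Java Kafka clients read. If `CONNECTION_OPTS` feeds the stock `kafka-topics` tool, as the `--command-config` flag suggests, the credentials and CA are ignored and the SASL_SSL connection fails. The Java client expects `sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="…" password="…";` together with `ssl.truststore.type=PEM` and `ssl.truststore.location=/opt/kafka/ca.pem`, on client versions that support PEM truststores. The file also contains the password and is created with the default umask, so it should be restricted to the owner (mode 0600) before the secret is written. The branch is gated on the CA alone, so it should also require a non-empty username and password, and its log line repeats the `AUTH_JAAS` message word for word, which makes the two paths indistinguishable in the job log. The heredoc opener is garbled in this rendering, and the script continues outside the hunk.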