From bbfc1c2a8d1f379b4417ac993740a748a62977b7 Mon Sep 17 00:00:00 2001
From: Derek Horton
Date: Wed, 13 Dec 2023 14:52:14 -0600
Subject: [PATCH] Build a java jaas config file to tell the kafka event consumer to use sasl to authenticate against msk
---
 deploy/connect-msk.yaml | 25 ++++++++++++++++++++
 event-streams/Dockerfile | 1 +
 event-streams/build_kafka_consumer_config.sh | 12 ++++++++++
 3 files changed, 38 insertions(+)
 create mode 100755 event-streams/build_kafka_consumer_config.sh
diff --git a/deploy/connect-msk.yaml b/deploy/connect-msk.yaml
index dfb22955..e6217bdc 100644
--- a/deploy/connect-msk.yaml
+++ b/deploy/connect-msk.yaml
@@ -329,8 +329,13 @@ objects:
 app: playbook-dispatcher
 pod: playbook-dispatcher-event-consumer
 spec:
+
 containers:
 - command:
+ - /bin/sh
+ - /build_kafka_consumer_config.sh
+ - /tmp/temp-files/kafka-jaas.conf
+ - &&
 - /opt/kafka/bin/kafka-console-consumer.sh
 - --bootstrap-server
 - ${KAFKA_BOOTSTRAP_HOST}
@@ -339,6 +344,8 @@ objects:
 - ${EVENT_CONSUMER_GROUP}
 - --topic
 - ${EVENT_CONSUMER_TOPIC}
+ - --consumer.config
+ - /tmp/temp-files/kafka-jaas.conf
 image: ${KAFKA_CONNECT_IMAGE}:${IMAGE_TAG}
 name: playbook-dispatcher-event-consumer
 resources:
@@ -348,6 +355,24 @@ objects:
 limits:
 cpu: 200m
 memory: 256Mi
+ env:
+ - name: KAFKA_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: client_id
+ name: app-auth
+ - name: KAFKA_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: client_secret
+ name: app-auth
+ volumeMounts:
+ - name: volume-temp
+ mountPath: /tmp/temp-files
+ volumes:
+ - name: volume-temp
+ emptyDir: {}
+
 # this service is only used in ephemeral to give the ephemeral kafka a stable address
 - apiVersion: v1
diff --git a/event-streams/Dockerfile b/event-streams/Dockerfile
index ee80b76b..373714f5 100644
--- a/event-streams/Dockerfile
+++ b/event-streams/Dockerfile
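Review bot: In deploy/connect-msk.yaml the `- &&` entry added to the `command:` list is passed as a literal argument, because a container `command` array is executed directly and nothing interprets shell operators in it. As written, `/bin/sh` runs `/build_kafka_consumer_config.sh` with `/tmp/temp-files/kafka-jaas.conf`, `&&` and the whole kafka-console-consumer.sh invocation as positional parameters; the script added in this patch reads only `$1`, so the container would write the config and exit without ever starting the consumer. Put the sequence into one shell string instead: `- /bin/sh`, `- -c`, `- /build_kafka_consumer_config.sh /tmp/temp-files/kafka-jaas.conf && exec /opt/kafka/bin/kafka-console-consumer.sh ...`, with the remaining consumer arguments (including the `--consumer.config` pair from the second hunk) joined into that string. The container spec starts and ends outside this hunk, so the full argument list should be checked against the file.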
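Review bot: In the third hunk of deploy/connect-msk.yaml, `emptyDir: {}` for `volume-temp` uses the node's default storage medium, so the generated kafka-jaas.conf, which holds the SCRAM password taken from the `app-auth` secret, is written in clear text to node-backed storage for the lifetime of the pod. Declaring the volume as `emptyDir:` with `medium: Memory` keeps the credential in tmpfs; the file is tiny, so the 256Mi memory limit visible in the context lines is not a concern. A short comment on the volume, for example `# holds the generated Kafka client config including the SASL password`, would make clear to later editors that this mount must not be shared with other containers. The pod spec continues outside the hunk, so whether other containers mount `volume-temp` cannot be confirmed from here.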
@@ -40,6 +40,7 @@ RUN microdnf install jq
 COPY event-streams/check-connectors.sh /
 COPY examples/connector-local.json /
+COPY event-streams/build_kafka_consumer_config.sh /
 RUN mkdir -p ${CONNECT_PLUGIN_PATH} /opt/kafka/custom-config/
diff --git a/event-streams/build_kafka_consumer_config.sh b/event-streams/build_kafka_consumer_config.sh
new file mode 100755
index 00000000..622c0bbf
--- /dev/null
+++ b/event-streams/build_kafka_consumer_config.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+JAAS_FILE=$1
+
+cat < $JAAS_FILE
+sasl.mechanism=SCRAM-SHA-512
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
+ username="$KAFKA_USERNAME" \
+ password="$KAFKA_SECRET";
+HERE
+
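Review bot: event-streams/build_kafka_consumer_config.sh writes the SCRAM password into `$JAAS_FILE` with whatever umask the container shell inherits, so the credential file may end up readable by other users in the container; add `umask 077` before the `cat`. The script also validates nothing: an unset `$1`, `KAFKA_USERNAME` or `KAFKA_SECRET` yields a broken or empty-credential config without a non-zero exit, so start with `set -eu` and quote the target as `"$JAAS_FILE"`. A secret value containing `"` or `\` would break the quoted JAAS string, which deserves a header comment stating the assumed character set of the `app-auth` values. The heredoc line as rendered on this page looks truncated, so it should be checked against the original file.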