...

Add Kafka User for external Access

  • Login to the cluster control node
  • Create kafka-user.yaml file
tls-user.yaml
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  labels:
    argocd.argoproj.io/instance: external-strimzi-kafka-user
    strimzi.io/cluster: onap-strimzi
  name: external-strimzi-kafka-user
  namespace: onap
spec:
  authentication:
    type: scram-sha-512
  authorization:
    acls:
      - resource:
          type: topic
          name: unauthenticated.VES_PERF3GPP_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_PERF3GPP_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_NOTIFICATION_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_NOTIFICATION_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_MEASUREMENT_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_MEASUREMENT_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
    type: simple
  • Apply kafka-user.yaml

...

Check/List new user
root@control01-daily-master-sm:/# kubectl -n onap get kafkauser
NAME                             CLUSTER        AUTHENTICATION   AUTHORIZATION   READY
aai-modelloader-ku               onap-strimzi   scram-sha-512    simple          True
cds-blueprints-processor-ku      onap-strimzi   scram-sha-512    simple          True
cds-sdc-listener-ku              onap-strimzi   scram-sha-512    simple          True
cps-core-ku                      onap-strimzi   scram-sha-512    simple          True
cps-temporal-ku                  onap-strimzi   scram-sha-512    simple          True
dcae-hv-ves-collector-ku         onap-strimzi   scram-sha-512    simple          True
dcae-ves-openapi-manager-ku      onap-strimzi   scram-sha-512    simple          True
external-strimzi-kafka-user      onap-strimzi   scram-sha-512    simple          True
multicloud-k8s-ku                onap-strimzi   scram-sha-512    simple          True
onap-cps-kafka-user              onap-strimzi   scram-sha-512    simple          True
onap-policy-kafka-user           onap-strimzi   scram-sha-512    simple          True
onap-so-sdc-list-user            onap-strimzi   scram-sha-512    simple          True
policy-clamp-ac-a1pms-ppnt-ku    onap-strimzi   scram-sha-512    simple          True
policy-clamp-ac-http-ppnt-ku     onap-strimzi   scram-sha-512    simple          True
policy-clamp-ac-k8s-ppnt-ku      onap-strimzi   scram-sha-512    simple          True
policy-clamp-ac-kserve-ppnt-ku   onap-strimzi   scram-sha-512    simple          True
policy-clamp-ac-pf-ppnt-ku       onap-strimzi   scram-sha-512    simple          True
policy-clamp-runtime-acm-ku      onap-strimzi   scram-sha-512    simple          True
policy-distribution-ku           onap-strimzi   scram-sha-512    simple          True
sdc-be-ku                        onap-strimzi   scram-sha-512    simple          True
strimzi-kafka-admin              onap-strimzi   scram-sha-512    simple          True
  • List strimzi secrets
List user secrets
root@control01-daily-master-sm:/# kubectl -n onap get secret|grep strimzi
external-strimzi-kafka-user                                        Opaque                                2      2m7s
...

...

sudo vi /etc/hosts
----
10.32.242.56 kafka-bootstrap-api.simpledemo.onap.org
10.32.242.56 kafka-0-api.simpledemo.onap.org
10.32.242.56 kafka-1-api.simpledemo.onap.org
10.32.242.56 kafka-2-api.simpledemo.onap.org


  • Install KafkaCat

...

  • Get the Metadata (use an existing Kafka User, here "external-strimzi-kafka-user") using the sasl.password exported above:
root@control01-daily-master-sm:/# kafkacat -L -b kafka-bootstrap-api.simpledemo.onap.org:9003 -X security.protocol=sasl_ssl -X enable.ssl.certificate.verification=false -X sasl.mechanisms=SCRAM-SHA-512 -X sasl.username=external-strimzi-kafka-user -X sasl.password=hCv4IZ3Q6XLR -v
Metadata for all topics (from broker -1: sasl_ssl://kafka-bootstrap-api.simpledemo.onap.org:9003/bootstrap):
 3 brokers:
  broker 0 at kafka-api.simpledemo.onap.org:9000 (controller)
  broker 2 at kafka-api.simpledemo.onap.org:9002
  broker 1 at kafka-api.simpledemo.onap.org:9001
 33 topics:
  topic "org.onap.dmaap.mr.PNF_REGISTRATION" with 2 partitions:
    partition 0, leader 2, replicas: 2, isrs: 2
    partition 1, leader 1, replicas: 1, isrs: 1 ...
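
A variant of the metadata query that keeps the password off the command line and verifies the broker certificate, as an added example that is not part of the original page. The function name write_kcat_conf, the secret names in the comments (taken from Strimzi naming conventions) and the sample values are assumptions; it also assumes the external listener presents a certificate signed by the cluster CA.

```shell
#!/bin/sh
# Added example, not from the original page.
# Weak form used above: password in argv (visible in `ps` and shell history)
# and enable.ssl.certificate.verification=false (any certificate is accepted).
#
# Inputs on the control node (secret names assumed from Strimzi conventions):
#   kubectl -n onap get secret external-strimzi-kafka-user \
#     -o jsonpath='{.data.password}'
#   kubectl -n onap get secret onap-strimzi-cluster-ca-cert \
#     -o jsonpath='{.data.ca\.crt}'

# write_kcat_conf USER PASSWORD_B64 CA_B64 OUT_DIR
# Decodes both secret values and writes OUT_DIR/ca.crt and OUT_DIR/kcat.conf
# with owner-only permissions. Prints the path of the config file.
write_kcat_conf() (
  user=$1 pw_b64=$2 ca_b64=$3 dir=$4
  umask 077
  printf '%s' "$ca_b64" | base64 -d > "$dir/ca.crt" || exit 1
  pw=$(printf '%s' "$pw_b64" | base64 -d) || exit 1
  {
    printf '%s\n' "security.protocol=sasl_ssl"
    printf '%s\n' "sasl.mechanisms=SCRAM-SHA-512"
    printf 'sasl.username=%s\n' "$user"
    printf 'sasl.password=%s\n' "$pw"
    printf 'ssl.ca.location=%s\n' "$dir/ca.crt"
    printf '%s\n' "enable.ssl.certificate.verification=true"
  } > "$dir/kcat.conf"
  printf '%s\n' "$dir/kcat.conf"
)

# Offline run with constructed sample values (not real credentials).
demo_dir=$(mktemp -d)
demo_pw=$(printf 'constructed-password' | base64)
demo_ca=$(printf 'constructed CA placeholder\n' | base64 | tr -d '\n')
demo_conf=$(write_kcat_conf external-strimzi-kafka-user "$demo_pw" "$demo_ca" "$demo_dir")
sed 's/^sasl.password=.*/sasl.password=<redacted>/' "$demo_conf"
rm -rf "$demo_dir"

# With real values the query from the page becomes:
#   kafkacat -L -b kafka-bootstrap-api.simpledemo.onap.org:9003 -F kcat.conf
```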

...