-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(operator): KafkaSQL with TLS support #5444
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great start!
I added a few comments but the bulk of the work is definitely there, thanks 👍
public static final String TRUSTSTORE_SECRET_VOLUME_NAME = "registry-kafkasql-tls-truststore"; | ||
|
||
/** | ||
* Plain KafkaSQL must be already configured. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment shows that we are not choosing the right level of encapsulation here.
Please, remove the new KafkaSQLTLS
class and squash the logic in KafkaSQL
.
public static boolean configureKafkaSQLTLS(ApicurioRegistry3 primary, Deployment deployment, | ||
String containerName, Map<String, EnvVar> env) { | ||
|
||
if (primary.getSpec().getApp().getKafkasql() == null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after squashing the logic this check goes away
throw new OperatorException("Plain KafkaSQL must be already configured."); | ||
} | ||
|
||
if (primary.getSpec().getApp().getKafkasql().getSecurity() == null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the following 3 if
statements can be collapsed into one, something similar to:
var kafkasql = primary.getSpec().getApp().getKafkasql();
if (kafkasql.getSecurity() != null && kafkasql.getSecurity().getTls() != null &&
!isBlank(kafkasql.getSecurity().getTls().getKeystoreSecretName()) &&
!isBlank(kafkasql.getSecurity().getTls().getTruststoreSecretName())) {
assigning empty placeholder for null values to go to the next check is confusing.
@@ -2,7 +2,7 @@ | |||
|
|||
import io.apicurio.registry.operator.OperatorException; | |||
import io.apicurio.registry.operator.api.v1.ApicurioRegistry3; | |||
import io.apicurio.registry.operator.feat.KafkaSql; | |||
import io.apicurio.registry.operator.feat.KafkaSQL; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what's the reason for this rename?
if we rename KafkaSql
to KafkaSQL
, it would be best to rename also PostgresSql
for consistency.
Not mandatory, but I encourage you to keep this change in separate PR.
.create(); | ||
final var clusterNAme = "my-cluster"; | ||
client.load(getClass().getResourceAsStream("/k8s/examples/kafkasql/plain/example-cluster.kafka.yaml")) | ||
.createOrReplace(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the test should start on an empty namespace, this change will mask issues.
If you happen to be in the situation where this is needed, we should probably first merge #5364 and debug it.
} | ||
|
||
@Test | ||
void testKafkaSQLTLS() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would keep this test in the KafkaSQLITTest
, no need to have separate classes with a single test inside.
env: | ||
- name: QUARKUS_LOG_LEVEL | ||
value: debug | ||
- name: QUARKUS_LOG_CATEGORY_IO_APICURIO_LEVEL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
curious about this, I always used only the former env var to debug...
@Getter | ||
@Setter | ||
@ToString | ||
public class ApicurioRegistry3SpecKafkaSqlSecurity implements KubernetesResource { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of keep adding suffixes I think we should consolidate on using package/namespaces like we did for Sql:
https://github.com/Apicurio/apicurio-registry/tree/main/operator/model/src/main/java/io/apicurio/registry/operator/api/v1/spec
ApicurioRegistry3SpecKafkaSqlSecurity
is ways too long of a name ...
@Getter | ||
@Setter | ||
@ToString | ||
public class ApicurioRegistry3SpecKafkaSqlTLS implements KubernetesResource { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same comment on naming.
No description provided.