...

  • "Add custom ports to istio-ingressgateway service"
1. Export existing service definition:
	kubectl -n istio-ingress get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml
2. Check existing NodePorts (the range of valid ports is 30000-32767):
	kubectl get svc -A |grep Load
	kubectl get svc -A |grep NodePort
3. Choose 4 free ports (e.g. 30900, 30901, 30902, 30903)
4. Edit istio_ingressgateway.yaml and add:
  - port: 9003
    nodePort: 30903
    targetPort: 9003
    name: kafka-bootstrap
    protocol: TCP
  - port: 9000
    nodePort: 30900
    targetPort: 9000
    name: kafka-0
    protocol: TCP
  - port: 9001
    nodePort: 30901
    targetPort: 9001
    name: kafka-1
    protocol: TCP
  - port: 9002
    nodePort: 30902
    targetPort: 9002
    name: kafka-2
    protocol: TCP
5. Apply changes:
     kubectl apply -f ./istio_ingressgateway.yaml
  • "Modify onap-strimzi-kafka pods and services to disable TLS and set advertisedHost"
1. Log in to the K8S Control Node and set the helm environment
	helm repo add local http://127.0.0.1:8879
	helm plugin install --version v0.10.3 https://github.com/chartmuseum/helm-push.git
	git config --global --add safe.directory /opt/oom

2. Modify the onap-strimzi config
	cd /opt/oom/kubernetes
	vi strimzi/templates/strimzi-kafka.yaml
	Update "tls" and "authentication.type" of the "external" kafka listener:
    ---
      - name: external
        port: 9094
        type: nodeport
        tls: false
        authentication:
          type: {{ .Values.config.saslMechanism }}
        configuration:
          brokers:
            - broker: 0
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9000
            - broker: 1
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9001
            - broker: 2
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9002

3. Apply the changes to onap-strimzi
    make strimzi
    helm upgrade -i onap-strimzi local/strimzi --namespace onap --version 12.0.0 --values /opt/oom/kubernetes/onap/values.yaml --values /opt/oom/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml --values /opt/oom/kubernetes/onap/resources/overrides/environment.yaml --values /home/ubuntu/oom/master/onap-overrides.yaml --timeout '900s'
  • Create a file (e.g. kafka-ingress.yaml) with Istio Ingress Gateway/VirtualService entries for the kafka-bootstrap-api and the brokers
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: kafka-bootstrap-api-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - kafka-bootstrap-api.simpledemo.onap.org
      port:
        name: tls-kafka-bootstrap
        number: 9003
        protocol: TLS
      tls:
        credentialName: ingress-tls-secret
        mode: SIMPLE
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kafka-bootstrap-api-service
spec:
  hosts:
    - kafka-bootstrap-api.simpledemo.onap.org
  gateways:
    - kafka-bootstrap-api-gateway
  tcp:
  - match:
    - port: 9003
    route:
    - destination:
        host: onap-strimzi-kafka-external-bootstrap
        port:
          number: 9094
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: kafka-api-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - kafka-api.simpledemo.onap.org
      port:
        name: tls-kafka-0
        number: 9000
        protocol: TLS
      tls:
        credentialName: ingress-tls-secret
        mode: SIMPLE
    - hosts:
        - kafka-api.simpledemo.onap.org
      port:
        name: tls-kafka-1
        number: 9001
        protocol: TLS
      tls:
        credentialName: ingress-tls-secret
        mode: SIMPLE
    - hosts:
        - kafka-api.simpledemo.onap.org
      port:
        name: tls-kafka-2
        number: 9002
        protocol: TLS
      tls:
        credentialName: ingress-tls-secret
        mode: SIMPLE
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kafka-0-api-service
spec:
  hosts:
    - kafka-api.simpledemo.onap.org
  gateways:
    - kafka-api-gateway
  tcp:
  - match:
    - port: 9000
    route:
    - destination:
        host: onap-strimzi-kafka-0
        port:
          number: 9094
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kafka-1-api-service
spec:
  hosts:
    - kafka-api.simpledemo.onap.org
  gateways:
    - kafka-api-gateway
  tcp:
  - match:
    - port: 9001
    route:
    - destination:
        host: onap-strimzi-kafka-1
        port:
          number: 9094
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kafka-2-api-service
spec:
  hosts:
    - kafka-api.simpledemo.onap.org
  gateways:
    - kafka-api-gateway
  tcp:
  - match:
    - port: 9002
    route:
    - destination:
        host: onap-strimzi-kafka-2
        port:
          number: 9094
  • Apply the file
kubectl -n onap apply -f ./kafka-ingress.yaml
  • Add the hostnames to DNS (or /etc/hosts), using the IP address of the istio-ingressgateway LB
sudo vi /etc/hosts
----
10.32.240.14 kafka-bootstrap-api.simpledemo.onap.org
10.32.240.14 kafka-api.simpledemo.onap.org
  • Test the connection
sudo apt install kafkacat

kafkacat -L -b kafka-bootstrap-api.simpledemo.onap.org:9003 -X security.protocol=sasl_ssl -X enable.ssl.certificate.verification=false -X sasl.mechanisms=SCRAM-SHA-512 -X sasl.username=<strimzi-user> -X sasl.password=<strimzi-password>  -v
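
A preflight check for the "Choose 4 free ports" step, as an added example that is not part of the original page: it compares the candidate NodePorts against the ports already allocated in the cluster instead of reading the `grep` output by eye. The function name `check_nodeports` and the sample list of in-use ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): validate NodePort candidates.
NODEPORT_MIN=30000   # valid NodePort range as stated in step 2
NODEPORT_MAX=32767

# check_nodeports "<in-use ports>" <candidate>...
# Prints "<port> free|in-use|duplicate|out-of-range|invalid" per candidate.
# Exit status is 0 only when every candidate is free.
check_nodeports() (
  # Normalise any whitespace (spaces, tabs, newlines) to single spaces.
  used=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
  shift
  seen=" "
  rc=0
  for port in "$@"; do
    case "$port" in
      ''|0*|*[!0-9]*) echo "$port invalid"; rc=1; continue ;;
    esac
    if [ "$port" -lt "$NODEPORT_MIN" ] || [ "$port" -gt "$NODEPORT_MAX" ]; then
      echo "$port out-of-range"; rc=1
    else
      # A candidate listed twice would collide with itself in the Service.
      case "$seen" in *" $port "*) echo "$port duplicate"; rc=1; continue ;; esac
      case "$used" in
        *" $port "*) echo "$port in-use"; rc=1 ;;
        *) echo "$port free" ;;
      esac
    fi
    seen="$seen$port "
  done
  [ "$rc" -eq 0 ]
)

# Against a live cluster (requires kubectl access):
#   used=$(kubectl get svc -A -o jsonpath='{.items[*].spec.ports[*].nodePort}')
#   check_nodeports "$used" 30900 30901 30902 30903

# Constructed sample: NodePorts assumed to be allocated already.
SAMPLE_USED="30080 30443 30901 31234"
check_nodeports "$SAMPLE_USED" 30900 30901 30902 30903 || true
```

A non-zero exit status means at least one candidate must be replaced before editing istio_ingressgateway.yaml.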