Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Add custom ports to istio-ingressgateway service


  • Export existing service definition
Code Block
languagebash
themeMidnight
titleAdd Custom ports
collapsetrue
1. Export existing service definition:
	kubectl -n istio-ingress get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml
2. 
  • Check

...

  • existing

...

  • Nodeports

...

  • (The

...

  • range

...

  • of

...

  • valid

...

  • ports

...

  • is

...

  • 30000-32767) and choose 4 free ports (e.g. 30900, 30901,30902, 30910)
Code Block
languagebash
themeMidnight

	kubectl get svc -A |grep Load
	kubectl get svc -A |grep NodePort
3. Choose 4 free ports (e.g. 30900, 30901,30902, 30910)
4. Edit  
  • Edit istio_ingressgateway.yaml

...

  • and add new ports
Code Block
languageyml
themeMidnight
 add:
  - port: 9010
    nodePort: 30910
    targetPort: 9010
    name: kafka-bootstrap
    protocol: TCP
  - port: 9000
    nodePort: 30900
    targetPort: 9000
    name: kafka-0
    protocol: TCP
  - port: 9001
    nodePort: 30901
    targetPort: 9001
    name: kafka-1
    protocol: TCP
  - port: 9002
    nodePort: 30902
    targetPort: 9002
    name: kafka-2
    protocol: TCP
5. 
  • Apply

...

  • changes:
Code Block
languagebash
themeMidnight
kubectl apply -
     kubectl apply -f ./istio_ingressgateway.yaml 

Modify onap-strimzi-kafka pods and services to disable TLS and set advertizedHosts

...

Code Block
languagebash
themeMidnight
 	cd /opt/oom/kubernetes
	vi strimzi/templates/strimzi-kafka.yaml
	Update "tls" and "authentication.type" of the "external" kafka listener:
    ---
      - name: external
        port: 9094
        type: nodeport
        tls: false
        authentication:
          type: {{ .Values.config.saslMechanism }}
        configuration:
          brokers:
            - broker: 0
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9000
            - broker: 1
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9001
            - broker: 2
              advertisedHost: kafka-api.simpledemo.onap.org
              advertisedPort: 9002 
    • Apply the changes to onap-strimzi
Code Block
languagebash
themeMidnight
make strimzi
helm upgrade -i onap-strimzi local/strimzi --namespace onap --version 12.0.0 --values /opt/oom/kubernetes/onap/values.yaml --values /opt/oom/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml --values /opt/oom/kubernetes/onap/resources/overrides/environment.yaml --values /home/ubuntu/oom/master/onap-overrides.yaml --timeout '900s'

...

Code Block
languagebash
themeMidnight
titletls-user.yaml
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  labels:
    argocd.argoproj.io/instance: external-strimzi-kafka-user
    strimzi.io/cluster: onap-strimzi
  name: external-strimzi-kafka-user
  namespace: onap
spec:
  authentication:
    type: scram-sha-512
  authorization:
    acls:
:
    type: scram-sha-512
  authorization:
    acls:
      - resource:
          type: topic
          name: unauthenticated.VES_PERF3GPP_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_PERF3GPP_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_NOTIFICATION_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_NOTIFICATION_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: unauthenticated.VES_MEASUREMENT_OUTPUT
          patternType: literal
        operation: Write
       - host: '"*'"
      - resource:
 operation: All
        resourcetype: topic
          name: '*'unauthenticated.VES_MEASUREMENT_OUTPUT
          patternType: literal
        operation:  type: topic
    typeDescribe
        host: "*"
    type: simple
 
  • Apply tlskafka-user.yaml
Code Block
languagebash
themeMidnight
titleCreate user
kubectl apply -f kafka-user.yaml

...