Configuration changes for Kafka Addition
To make use of Kafka for internal communication among ISD services, please follow the steps given below:
Ensure that ISD consumes events from Spinnaker via webhook and not rabbitMQ.
If auto topic creation is not enabled then create the following topics in kafka-cluster.
Topic Name
Publisher
Consumer
Type of events
echo-events-preview-saas-audit
Sapor service
Audit Service
Audit events
isd-events-isd-visibility-service
Sapor Service
Visibility service
Pipeline execution failure events
isd-events-cd-route-info
Sapor service
Visibility, audit and gate service
Apache Camel route events*
isd-events-sapor-service
Gate, visibility, audit and gate service
Sapor service
Apache Camel Route events*
isd-userLoginDetails
Gate service
Sapor service
User Login Details events
Service name
Consumer Group Name
Audit service
oes-audit-consumer-group
Visibility Service
oes-visibility-consumer-group
Gate service
oes-gate-consumer-group
Sapor service
oes-sapor-consumer-group
Do the following config changes under the message-broker section, for audit-service, oes-sapor, visibility-service and gate service in their respective ConfigMaps.
ISD supports only custom use cases of SASL auth and AWS IAM auth for Kafka.
The above configuration varies depending on the type of authentication used.
AWS MSK Authentication
For authentication to MSK in AWS, to set ‘sasl.mechanism’ as ‘SCRAM_SHA-512’ follow the steps given below:
Create the ‘jks’ file as mentioned in AWS documentation and mount that jks file to “/opsmx/conf/kafka.client.truststore.jks”.
Set JAVA_OPTS and KAFKA_OPTS as env variable in deployment of the services. Check out the AWS documentation as to what values we need to set.
Set the service’s config map as shown below:
Mounting JKS file
Prepare the certificate file of kafka server as a configMap for use by ISD.
Create a configMap yaml file and insert the certificate.
Apply the file in the ISD cluster:
Now mount a volume so the certificate becomes usable by the services connecting to kafka.
Edit deployment of the services to insert the below configs in volumes and volumeMounts section. The subPath parameter will have the value of the certificate's name as mentioned in the configMap.
Save the deployments.
Last updated
Was this helpful?