Merge pull request #54 from alercebroker/logstash/kafka-authentication

feat: add option to use kafka authentication on logstash
alercebroker · Mar 10, 2023 · f4f3a0c · f4f3a0c
2 parents b79c9f3 + 3729b5a
commit f4f3a0c
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 8 deletions.
diff --git a/charts/logstash/Chart.yaml b/charts/logstash/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "8.6.1-amd64"
+appVersion: "7.16.2"
diff --git a/charts/logstash/templates/configmap.yaml b/charts/logstash/templates/configmap.yaml
@@ -1,7 +1,8 @@
+---
 kind: ConfigMap
 apiVersion: v1
 metadata:
-  name: {{ include "logstash.fullname" . }}
+  name: '{{ include "logstash.fullname" . }}-plaintext'
   namespace: {{ .Values.namespace }}
 data:
   log-pipeline-es.conf: |-
@@ -16,6 +17,37 @@ data:
     }
     filter {
 
+    }
+    output {
+        opensearch {
+            hosts       => ["${ES_HOST}"]
+            user        => "${LOGSTASH_USER}"
+            password    => "${LOGSTASH_PASSWORD}"
+            index => "pipeline-metrics-%{+YYYY-MM-dd}"
+        }
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: '{{ include "logstash.fullname" . }}-sasl'
+  namespace: {{ .Values.namespace }}
+data:
+  log-pipeline-es.conf: |-
+    input {
+        kafka {
+            bootstrap_servers => "${CONSUMER_SERVER}"
+            topics =>  ["${METRICS_TOPIC}"]
+            codec => "json"
+            group_id => "logstash"
+            auto_offset_reset => "earliest"
+            security_protocol => "SASL_SSL"
+            sasl_mechanism => "SCRAM-SHA-512"
+            sasl_jaas_config => "org.apache.kafka.common.security.scram.ScramLoginModule required username='${KAFKA_USERNAME}' password='${KAFKA_PASSWORD}';"
+      }
+    }
+    filter {
+
     }
     output {
         opensearch {

diff --git a/charts/logstash/templates/deployment.yaml b/charts/logstash/templates/deployment.yaml
@@ -54,10 +54,24 @@ spec:
               value: {{ .Values.kafkaHost }}
             - name: METRICS_TOPIC
               value: {{ .Values.kafkaTopic }}
+            - name: KAFKA_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: kafka-auth
+                  key: username
+            - name: KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: kafka-auth
+                  key: password
       volumes:
       - name: log-pipeline-config
         configMap:
-          name: {{ include "logstash.fullname" . }}
+          {{- if .Values.secrets.kafkaAuth.enabled }}
+          name: '{{ include "logstash.fullname" . }}-sasl'
+          {{- else }}
+          name: '{{ include "logstash.fullname" . }}-plaintext'
+          {{- end}}
           items:
           - key: log-pipeline-es.conf
             path: log-pipeline-es.conf

diff --git a/charts/logstash/templates/secret.yaml b/charts/logstash/templates/secret.yaml
@@ -1,8 +1,18 @@
+---
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "logstash.fullname" . }}
   namespace: {{ .Values.namespace }}
 stringData:
-  username: {{ .Values.secrets.username }}
-  password: {{ .Values.secrets.password }}
+  username: {{ .Values.secrets.elasticsearch.username }}
+  password: {{ .Values.secrets.elasticsearch.password }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kafka-auth
+  namespace: {{ .Values.namespace }}
+stringData:
+  username: {{ .Values.secrets.kafkaAuth.username }}
+  password: {{ .Values.secrets.kafkaAuth.password }}
diff --git a/charts/logstash/values.yaml b/charts/logstash/values.yaml
@@ -20,8 +20,13 @@ kafkaHost: ""
 kafkaTopic: "metrics"
 
 secrets:
-  username: ""
-  password: ""
+  elasticsearch:
+    username: ""
+    password: ""
+  kafkaAuth:
+    enabled: false
+    username: ""
+    password: ""
 
 resources: {}