From 528d3bcffa9ce42cc18e5a27b658a3e1a30896d2 Mon Sep 17 00:00:00 2001
From: Diego <diegorodriguezmancini@gmail.com>
Date: Thu, 9 Mar 2023 10:58:59 -0300
Subject: [PATCH 1/2] feat: add option to use kafka authentication

---
 charts/logstash/Chart.yaml                |  2 +-
 charts/logstash/templates/configmap.yaml  | 34 ++++++++++++++++++++++-
 charts/logstash/templates/deployment.yaml | 16 ++++++++++-
 charts/logstash/templates/secret.yaml     | 14 ++++++++--
 charts/logstash/values.yaml               |  9 ++++--
 5 files changed, 68 insertions(+), 7 deletions(-)

diff --git a/charts/logstash/Chart.yaml b/charts/logstash/Chart.yaml
index fc37913..7d0d58d 100644
--- a/charts/logstash/Chart.yaml
+++ b/charts/logstash/Chart.yaml
@@ -21,4 +21,4 @@ version: 0.2.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "8.6.1-amd64"
+appVersion: "7.16.2"
diff --git a/charts/logstash/templates/configmap.yaml b/charts/logstash/templates/configmap.yaml
index 65c30ba..c497cce 100644
--- a/charts/logstash/templates/configmap.yaml
+++ b/charts/logstash/templates/configmap.yaml
@@ -1,7 +1,8 @@
+---
 kind: ConfigMap
 apiVersion: v1
 metadata:
-  name: {{ include "logstash.fullname" . }}
+  name: '{{ include "logstash.fullname" . }}-plaintext'
   namespace: {{ .Values.namespace }}
 data:
   log-pipeline-es.conf: |-
@@ -16,6 +17,37 @@ data:
     }
     filter {
 
+    }
+    output {
+        opensearch {
+            hosts       => ["${ES_HOST}"]
+            user        => "${LOGSTASH_USER}"
+            password    => "${LOGSTASH_PASSWORD}"
+            index => "pipeline-metrics-%{+YYYY-MM-dd}"
+        }
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: '{{ include "logstash.fullname" . }}-sasl'
+  namespace: {{ .Values.namespace }}
+data:
+  log-pipeline-es.conf: |-
+    input {
+        kafka {
+            bootstrap_servers => "${CONSUMER_SERVER}"
+            topics =>  ["${METRICS_TOPIC}"]
+            codec => "json"
+            group_id => "logstash"
+            auto_offset_reset => "earliest"
+            security_protocol => "SASL_SSL"
+            sasl_mechanism => "SCRAM-SHA-512"
+            sasl_jaas_config => "org.apache.kafka.common.security.scram.ScramLoginModule required username='${KAFKA_USERNAME}' password='${KAFKA_PASSWORD}';"
+      }
+    }
+    filter {
+
     }
     output {
         opensearch {
diff --git a/charts/logstash/templates/deployment.yaml b/charts/logstash/templates/deployment.yaml
index 4118256..a7fbbb1 100644
--- a/charts/logstash/templates/deployment.yaml
+++ b/charts/logstash/templates/deployment.yaml
@@ -54,10 +54,24 @@ spec:
               value: {{ .Values.kafkaHost }}
             - name: METRICS_TOPIC
               value: {{ .Values.kafkaTopic }}
+            - name: KAFKA_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: kafka-auth
+                  key: username
+            - name: KAFKA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: kafka-auth
+                  key: password
       volumes:
       - name: log-pipeline-config
         configMap:
-          name: {{ include "logstash.fullname" . }}
+          {{- if .Values.secrets.kafkaAuth.enabled }}
+          name: '{{ include "logstash.fullname" . }}-sasl'
+          {{- else }}
+          name: '{{ include "logstash.fullname" . }}-plaintext'
+          {{- end}}
           items:
           - key: log-pipeline-es.conf
             path: log-pipeline-es.conf
diff --git a/charts/logstash/templates/secret.yaml b/charts/logstash/templates/secret.yaml
index 1cddac9..71adb17 100644
--- a/charts/logstash/templates/secret.yaml
+++ b/charts/logstash/templates/secret.yaml
@@ -1,8 +1,18 @@
+---
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "logstash.fullname" . }}
   namespace: {{ .Values.namespace }}
 stringData:
-  username: {{ .Values.secrets.username }}
-  password: {{ .Values.secrets.password }}
\ No newline at end of file
+  username: {{ .Values.secrets.elasticsearch.username }}
+  password: {{ .Values.secrets.elasticsearch.password }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kafka-auth
+  namespace: {{ .Values.namespace }}
+stringData:
+  username: {{ .Values.secrets.kafkaAuth.username }}
+  password: {{ .Values.secrets.kafkaAuth.password }}
\ No newline at end of file
diff --git a/charts/logstash/values.yaml b/charts/logstash/values.yaml
index 6d592bb..51633ff 100644
--- a/charts/logstash/values.yaml
+++ b/charts/logstash/values.yaml
@@ -20,8 +20,13 @@ kafkaHost: ""
 kafkaTopic: "metrics"
 
 secrets:
-  username: ""
-  password: ""
+  elasticsearch:
+    username: ""
+    password: ""
+  kafkaAuth:
+    enabled: false
+    username: ""
+    password: ""
 
 resources: {}
 

From 3729b5a0de6fde1f07cb2b0fb796f466315d810a Mon Sep 17 00:00:00 2001
From: Diego <diegorodriguezmancini@gmail.com>
Date: Thu, 9 Mar 2023 12:27:57 -0300
Subject: [PATCH 2/2] chore: update chart version

---
 charts/logstash/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/logstash/Chart.yaml b/charts/logstash/Chart.yaml
index 7d0d58d..fcdfc0f 100644
--- a/charts/logstash/Chart.yaml
+++ b/charts/logstash/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to