Merge pull request #869 from lsst-it/IT-6108/rook-kafka-secrets

(ayekan,konkong,elqui) convert CephBucketTopic kafka configuration to use k8s secrets

Author: jhoblitt

fleet/lib/rook-ceph-conf/charts/ayekan/templates/cephbuckettopic-lsst.s3.raw.comcam.yaml

@@ -14,9 +14,9 @@ spec:
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
-      UserSecretRef:  # lowercase for rook >= 1.17.2
+      userSecretRef:
         name: &item kafka-bucket-notifications
         key: username
-      PasswordSecretRef:  # lowercase for rook >= 1.17.2
+      passwordSecretRef:
         name: *item
         key: password

fleet/lib/rook-ceph-conf/charts/ayekan/templates/cephbuckettopic-lsst.s3.raw.latiss.yaml

@@ -14,9 +14,9 @@ spec:
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
-      UserSecretRef:  # lowercase for rook >= 1.17.2
+      userSecretRef:
         name: &item kafka-bucket-notifications
         key: username
-      PasswordSecretRef:  # lowercase for rook >= 1.17.2
+      passwordSecretRef:
         name: *item
         key: password

fleet/lib/rook-ceph-conf/charts/ayekan/templates/cephbuckettopic-lsst.s3.raw.lsstcam.yaml

@@ -14,9 +14,9 @@ spec:
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
-      UserSecretRef:  # lowercase for rook >= 1.17.2
+      userSecretRef:
         name: &item kafka-bucket-notifications
         key: username
-      PasswordSecretRef:  # lowercase for rook >= 1.17.2
+      passwordSecretRef:
         name: *item
         key: password

rke2/elqui/rook-ceph/s3/bucket-rubinobs-raw-comcam-cephbuckettopic.yaml renamed to fleet/lib/rook-ceph-conf/charts/elqui/templates/cephbuckettopic-lsst.s3.raw.comcam.yaml

@@ -10,7 +10,13 @@ spec:
   persistent: false
   endpoint:
     kafka:
-      uri: kafka://@sasquatch-summit-kafka-bootstrap.lsst.codes:9094
+      uri: kafka://sasquatch-summit-kafka-bootstrap.lsst.codes:9094
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
+      userSecretRef:
+        name: &item kafka-bucket-notifications
+        key: username
+      passwordSecretRef:
+        name: *item
+        key: password

rke2/elqui/rook-ceph/s3/bucket-rubinobs-raw-latiss-cephbuckettopic.yaml renamed to fleet/lib/rook-ceph-conf/charts/elqui/templates/cephbuckettopic-lsst.s3.raw.latiss.yaml

@@ -10,7 +10,13 @@ spec:
   persistent: false
   endpoint:
     kafka:
-      uri: kafka://@sasquatch-summit-kafka-bootstrap.lsst.codes:9094
+      uri: kafka://sasquatch-summit-kafka-bootstrap.lsst.codes:9094
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
+      userSecretRef:
+        name: &item kafka-bucket-notifications
+        key: username
+      passwordSecretRef:
+        name: *item
+        key: password

rke2/elqui/rook-ceph/s3/bucket-rubinobs-raw-lsstcam-cephbuckettopic.yaml renamed to fleet/lib/rook-ceph-conf/charts/elqui/templates/cephbuckettopic-lsst.s3.raw.lsstcam.yaml

@@ -10,7 +10,13 @@ spec:
   persistent: false
   endpoint:
     kafka:
-      uri: kafka://@sasquatch-summit-kafka-bootstrap.lsst.codes:9094
+      uri: kafka://sasquatch-summit-kafka-bootstrap.lsst.codes:9094
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
+      userSecretRef:
+        name: &item kafka-bucket-notifications
+        key: username
+      passwordSecretRef:
+        name: *item
+        key: password

fleet/lib/rook-ceph-conf/charts/elqui/templates/externalsecrets-kafka-bucket-notifications.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kafka-bucket-notifications
+  namespace: rook-ceph
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  data:
+    - secretKey: username
+      remoteRef:
+        key: &item kafka-bucket-notifications
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: *item
+        property: password

rke2/konkong/rook-ceph/s3/bucket-rubinobs-raw-latiss-cephbuckettopic.yaml renamed to fleet/lib/rook-ceph-conf/charts/konkong/templates/cephbuckettopic-lsst.s3.raw.latiss.yaml

@@ -10,7 +10,13 @@ spec:
   persistent: false
   endpoint:
     kafka:
-      uri: kafka://@sasquatch-base-kafka-bootstrap.lsst.codes:9094
+      uri: kafka://sasquatch-base-kafka-bootstrap.lsst.codes:9094
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
+      userSecretRef:
+        name: &item kafka-bucket-notifications
+        key: username
+      passwordSecretRef:
+        name: *item
+        key: password

rke2/konkong/rook-ceph/s3/bucket-rubinobs-raw-lsstcam-cephbuckettopic.yaml renamed to fleet/lib/rook-ceph-conf/charts/konkong/templates/cephbuckettopic-lsst.s3.raw.lsstcam.yaml

@@ -10,7 +10,13 @@ spec:
   persistent: false
   endpoint:
     kafka:
-      uri: kafka://@sasquatch-base-kafka-bootstrap.lsst.codes:9094
+      uri: kafka://sasquatch-base-kafka-bootstrap.lsst.codes:9094
       ackLevel: broker
       useSSL: true
       mechanism: SCRAM-SHA-512
+      userSecretRef:
+        name: &item kafka-bucket-notifications
+        key: username
+      passwordSecretRef:
+        name: *item
+        key: password

fleet/lib/rook-ceph-conf/charts/konkong/templates/externalsecrets-kafka-bucket-notifications.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kafka-bucket-notifications
+  namespace: rook-ceph
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  data:
+    - secretKey: username
+      remoteRef:
+        key: &item kafka-bucket-notifications
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: *item
+        property: password