stt/infra-kafka
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
569dff28a78ae23e34faabe4fa63230c789c90ad
infra-kafka/deploy.sh
T
sttlab 569dff28a7 first commit
2026-05-15 07:41:27 +00:00

86 lines
3.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
NAMESPACE="kafka"
KAFKA_NAME="kafka"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
echo "==> Checking prerequisites"
command -v kubectl >/dev/null || { echo "kubectl not found"; exit 1; }
command -v helm >/dev/null || { echo "helm not found"; exit 1; }
echo "==> Verifying cluster reachable"
kubectl cluster-info --request-timeout=5s >/dev/null
echo "==> Step 1/5 : Create namespace"
kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
echo "==> Step 2/5 : Install Strimzi operator"
helm repo add strimzi https://strimzi.io/charts/ 2>/dev/null || true
helm repo update strimzi
helm upgrade --install strimzi-kafka-operator strimzi/strimzi-kafka-operator \
--namespace "${NAMESPACE}" \
--set watchAnyNamespace=false \
--wait --timeout 5m
echo "==> Waiting for Strimzi Cluster Operator to be ready"
kubectl rollout status deployment/strimzi-cluster-operator -n "${NAMESPACE}" --timeout=120s
echo "==> Waiting for Strimzi CRDs to be fully established"
for crd in kafkas.kafka.strimzi.io kafkanodepools.kafka.strimzi.io kafkausers.kafka.strimzi.io; do
until kubectl get crd "${crd}" -o jsonpath='{.status.conditions[?(@.type=="Established")].status}' 2>/dev/null | grep -q "True"; do
sleep 2
done
echo " - ${crd} established"
done
echo "==> Step 3/5 : Apply Kafka cluster (KRaft, TLS, SCRAM-SHA-512)"
kubectl apply -f "${SCRIPT_DIR}/kafka.yaml"
echo "==> Waiting for Kafka cluster to be Ready (3-5 min)"
kubectl wait kafka/"${KAFKA_NAME}" \
--for=condition=Ready \
--timeout=10m \
-n "${NAMESPACE}"
echo "==> Step 4/5 : Apply KafkaUsers"
kubectl apply -f "${SCRIPT_DIR}/kafka-users.yaml"
echo "==> Waiting for KafkaUsers to be Ready"
for user in kafka-admin kafka-client; do
echo " - waiting for ${user}"
kubectl wait kafkauser/"${user}" \
--for=condition=Ready \
--timeout=120s \
-n "${NAMESPACE}"
done
echo ""
echo "==> Step 5/5 : Deployment complete"
echo ""
kubectl get pods -n "${NAMESPACE}"
echo ""
echo "Bootstrap (TLS + SCRAM-SHA-512, cluster-internal):"
echo " kafka-kafka-bootstrap.${NAMESPACE}.svc.cluster.local:9093"
echo ""
echo "Get CA cert (import on client side):"
echo " kubectl -n ${NAMESPACE} get secret kafka-cluster-ca-cert \\"
echo " -o jsonpath='{.data.ca\\.crt}' | base64 -d > kafka-ca.crt"
echo ""
echo "Get SCRAM credentials:"
echo " # Admin"
echo " kubectl -n ${NAMESPACE} get secret kafka-admin -o jsonpath='{.data.password}' | base64 -d"
echo " # Client"
echo " kubectl -n ${NAMESPACE} get secret kafka-client -o jsonpath='{.data.password}' | base64 -d"
echo ""
echo "Sample client config (properties):"
echo " bootstrap.servers=kafka-kafka-bootstrap.${NAMESPACE}.svc.cluster.local:9093"
echo " security.protocol=SASL_SSL"
echo " ssl.truststore.type=PEM"
echo " ssl.truststore.certificates=<contents of kafka-ca.crt>"
echo " sasl.mechanism=SCRAM-SHA-512"
echo " sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \\"
echo " username=\"kafka-client\" password=\"<password>\";"
echo ""
Reference in New Issue View Git Blame Copy Permalink