Skip to content

Commit

Permalink
Add kafla tls support
Browse files Browse the repository at this point in the history
  • Loading branch information
@kgrubb
kgrubb committed Apr 29, 2024
1 parent b7ba3da commit dab56b8
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 4 deletions.
31 changes: 29 additions & 2 deletions charts/netobserv/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,16 @@ spec:
name: netobserv-license
key: license
{{- end }}
{{- if .Values.kafka.enabled }}
- name: EF_OUTPUT_KAFKA_ENABLE
value: 'true'
- name: "EF_OUTPUT_KAFKA_BROKERS"
value: {{ .Values.kafka.brokers }}
{{- end }}
{{- if .Values.kafka.tls.enabled }}
- name: "EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH"
value: "{{ .Values.kafka.tls.caMountPath }}/{{ .Values.kafka.tls.caFilename }}"
{{- end }}
ports:
- name: udp
containerPort: {{ .Values.service.port }}
Expand All @@ -90,10 +100,17 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled .Values.kafka.tls.enabled }}
volumeMounts:
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
- name: geolite2-data
mountPath: /etc/elastiflow/maxmind
{{- end }}
{{- if .Values.kafka.tls.enabled }}
- name: {{ .Values.kafka.tls.caConfigMap }}
mountPath: {{ .Values.kafka.tls.caMountPath }}
readOnly: True
{{- end }}
{{- end }}
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
- name: maxmind-geoipupdate
Expand Down Expand Up @@ -123,10 +140,20 @@ spec:
- name: geolite2-data
mountPath: /data
{{- end }}
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled .Values.kafka.tls.enabled }}
volumes:
{{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
- name: geolite2-data
emptyDir: {}
{{- end }}
{{- if .Values.kafka.tls.enabled }}
- name: {{ .Values.kafka.tls.caFileName }}
configMap:
name: {{ .Values.kafka.tls.caConfigMap }}
items:
- key: {{ .Values.kafka.tls.caConfigMapKey }}
path: {{ .Values.kafka.tls.caFileName }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
Expand Down
23 changes: 21 additions & 2 deletions charts/netobserv/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,6 @@ env:
# EF_OUTPUT_SPLUNK_HEC_ENABLE: 'false'
# EF_OUTPUT_SPLUNK_HEC_ADDRESSES: '127.0.0.1:8088'
# EF_OUTPUT_SPLUNK_HEC_TOKEN: ''
# EF_OUTPUT_KAFKA_ENABLE: 'false'
# EF_OUTPUT_KAFKA_BROKERS: ''
# EF_OUTPUT_KAFKA_SASL_ENABLE: 'false'
# EF_OUTPUT_CRIBL_ENABLE: 'false'
# EF_OUTPUT_CRIBL_ADDRESSES: '127.0.0.1:10080'
Expand All @@ -67,6 +65,27 @@ env:
# EF_OUTPUT_GENERIC_HTTP_ADDRESSES: ''
# EF_OUTPUT_RISKIQ_ENABLE: 'false'

# The Kafka output can be used to send records to Apache Kafka, Confluent Platform,
# Confluent Cloud, Redpanda and Amazon Managed Streaming for Apache Kafka (Amazon MSK).
# https://docs.elastiflow.com/docs/output-kafka
kafka:
# Enable/disable TLS connections to Kafka.
enabled: false
# A comma-separated list of brokers, IP address and port number, to which the collector is to connect.
# Example: "192.0.2.11:9092,192.0.2.12:9092,192.0.2.13:9092"
brokers: ""
tls:
# Enable/disable TLS connections to Kafka.
enabled: false
# The name of the config map that contains the CA certificate.
caConfigMap: ""
# The path to the CA certificate file.
caMountPath: ""
# The key in the config map that contains the CA certificate.
caConfigMapKey: "ca.crt"
# The name of the file that contains the CA certificate.
caFileName: "ca.crt"

license:
# Specifies whether a secret should be created. If you don't have a license, no need to create a license secret.
createSecret: false
Expand Down

0 comments on commit dab56b8

Please sign in to comment.