CFK-2226 Examples/playbooks for external access MRC (#222)

* mrc

* remove bad files, fix comments

* active pass SR info

* fix port

* various fixes

* 7.4 image

* copy searchscope changes

* remove TLS on schema LB

Author: kcorman0

hybrid/multi-region-clusters/README.md

@@ -0,0 +1,42 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ControlCenter
+metadata:
+  name: controlcenter
+  namespace: central
+spec:
+  authorization:
+    type: rbac
+  configOverrides:
+    server:
+      - confluent.controlcenter.streams.consumer.client.rack=us-central1
+      - confluent.controlcenter.streams.replication.factor=-1
+  dataVolumeCapacity: 10Gi
+  dependencies:
+    kafka:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      bootstrapEndpoint: kafka.central.svc.cluster.local:9071,kafka-east.platformops.dev.gcp.devel.cpdev.cloud:9092,kafka-west.platformops.dev.gcp.devel.cpdev.cloud:9092
+      tls:
+        enabled: true
+    mds:
+      authentication:
+        bearer:
+          secretRef: c3-mds-client
+        type: bearer
+      endpoint: https://kafka.central.svc.cluster.local:8090
+      tls:
+        enabled: true
+      tokenKeyPair:
+        secretRef: mds-token
+    schemaRegistry:
+      tls:
+        enabled: true
+      url: https://schemaregistry.central.svc.cluster.local:8081,https://sr-east.platformops.dev.gcp.devel.cpdev.cloud:443,https://sr-west.platformops.dev.gcp.devel.cpdev.cloud:443
+  image:
+    application: confluentinc/cp-enterprise-control-center:7.4.0
+    init: confluentinc/confluent-init-container:2.6.0
+  replicas: 1
+  tls:
+    autoGeneratedCerts: true

hybrid/multi-region-clusters/external-access/README.md

@@ -0,0 +1,2 @@
+username=kafka
+password=kafka-secret

hybrid/multi-region-clusters/external-access/confluent-platform/controlcenter.yaml

@@ -0,0 +1,2 @@
+username=operator
+password=operator-secret

hybrid/multi-region-clusters/confluent-platform/credentials/c3-mds-client.txt hybrid/multi-region-clusters/external-access/confluent-platform/credentials/c3-mds-client.txt

@@ -0,0 +1,118 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+  name: kafka
+  namespace: central
+spec:
+  authorization:
+    superUsers:
+      - User:kafka
+    type: rbac
+  configOverrides:
+    server:
+      - client.rack=us-central1
+      - confluent.license.topic.replication.factor=3
+      - replica.selector.class=org.apache.kafka.common.replica.RackAwareReplicaSelector
+  dataVolumeCapacity: 10Gi
+  dependencies:
+    kafkaRest:
+      authentication:
+        bearer:
+          secretRef: mds-client
+        type: bearer
+    zookeeper:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: digest
+      endpoint: zookeeper.central.svc.cluster.local:2182,zk-east.platformops.dev.gcp.devel.cpdev.cloud:2182,zk-west.platformops.dev.gcp.devel.cpdev.cloud:2182/mrc
+      tls:
+        enabled: true
+  image:
+    application: confluentinc/cp-server:7.4.0
+    init: confluentinc/confluent-init-container:2.6.0
+  listeners:
+    external:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+      externalAccess:
+        loadBalancer:
+          bootstrapPrefix: kafka-central-ext
+          brokerPrefix: kafka-central-ext
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+        type: loadBalancer
+    replication:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+      externalAccess:
+        loadBalancer:
+          bootstrapPrefix: kafka-central
+          brokerPrefix: kafka-central
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+        type: loadBalancer
+    internal:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+  podTemplate:
+    serviceAccountName: kafka
+  rackAssignment:
+    nodeLabels:
+      - topology.kubernetes.io/region
+  replicas: 2
+  services:
+    mds:
+      externalAccess:
+        type: loadBalancer
+        loadBalancer:
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+          prefix: mds-central
+          advertisedURL:
+            enabled: true
+            prefix: mds-central
+      provider:
+        ldap:
+          address: ldap://ldap-0.ldap.central.svc.cluster.local:389
+          authentication:
+            simple:
+              secretRef: credential
+            type: simple
+          configurations:
+            groupMemberAttribute: member
+            groupMemberAttributePattern: CN=(.*),DC=test,DC=com
+            groupNameAttribute: cn
+            groupObjectClass: group
+            groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
+            userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
+            userNameAttribute: cn
+            userObjectClass: organizationalRole
+            userSearchBase: dc=test,dc=com
+            userSearchScope: 1
+        type: ldap
+      tls:
+        enabled: true
+      tokenKeyPair:
+        secretRef: mds-token
+  tls:
+    autoGeneratedCerts: true
+  metricReporter:
+    enabled: true
+    bootstrapEndpoint: kafka-central.platformops.dev.gcp.devel.cpdev.cloud:9072
+    authentication:        
+      jaasConfig:
+        secretRef: metric-creds
+      type: plain
+    tls:
+      enabled: true

hybrid/multi-region-clusters/confluent-platform/credentials/mds-client.txt hybrid/multi-region-clusters/external-access/confluent-platform/credentials/kafka-server-plain-interbroker.txt

@@ -0,0 +1,120 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+  annotations:
+    platform.confluent.io/broker-id-offset: "10"
+  name: kafka
+  namespace: east
+spec:
+  authorization:
+    superUsers:
+      - User:kafka
+    type: rbac
+  configOverrides:
+    server:
+      - client.rack=us-east1
+      - confluent.license.topic.replication.factor=3
+      - replica.selector.class=org.apache.kafka.common.replica.RackAwareReplicaSelector
+  dataVolumeCapacity: 10Gi
+  dependencies:
+    kafkaRest:
+      authentication:
+        bearer:
+          secretRef: mds-client
+        type: bearer
+    zookeeper:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: digest
+      endpoint: zk-central.platformops.dev.gcp.devel.cpdev.cloud:2182,zookeeper.east.svc.cluster.local:2182,zk-west.platformops.dev.gcp.devel.cpdev.cloud:2182/mrc
+      tls:
+        enabled: true
+  image:
+    application: confluentinc/cp-server:7.4.0
+    init: confluentinc/confluent-init-container:2.6.0
+  listeners:
+    external:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+      externalAccess:
+        loadBalancer:
+          bootstrapPrefix: kafka-east-ext
+          brokerPrefix: kafka-east-ext
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+        type: loadBalancer
+    replication:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+      externalAccess:
+        loadBalancer:
+          bootstrapPrefix: kafka-east
+          brokerPrefix: kafka-east
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+        type: loadBalancer
+    internal:
+      authentication:
+        jaasConfig:
+          secretRef: credential
+        type: plain
+      tls:
+        enabled: true
+  podTemplate:
+    serviceAccountName: kafka
+  rackAssignment:
+    nodeLabels:
+      - topology.kubernetes.io/region
+  replicas: 2
+  services:
+    mds:
+      externalAccess:
+        type: loadBalancer
+        loadBalancer:
+          domain: platformops.dev.gcp.devel.cpdev.cloud
+          prefix: mds-east
+          advertisedURL:
+            enabled: true
+            prefix: mds-east
+      provider:
+        ldap:
+          address: ldap://ldap-central.platformops.dev.gcp.devel.cpdev.cloud:389
+          authentication:
+            simple:
+              secretRef: credential
+            type: simple
+          configurations:
+            groupMemberAttribute: member
+            groupMemberAttributePattern: CN=(.*),DC=test,DC=com
+            groupNameAttribute: cn
+            groupObjectClass: group
+            groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
+            userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
+            userNameAttribute: cn
+            userObjectClass: organizationalRole
+            userSearchBase: dc=test,dc=com
+            userSearchScope: 1
+        type: ldap
+      tls:
+        enabled: true
+      tokenKeyPair:
+        secretRef: mds-token
+  tls:
+    autoGeneratedCerts: true
+  metricReporter:
+    enabled: true
+    bootstrapEndpoint: kafka-east.platformops.dev.gcp.devel.cpdev.cloud:9072
+    authentication:        
+      jaasConfig:
+        secretRef: metric-creds
+      type: plain
+    tls:
+      enabled: true