refactoring

dev/kafka/cluster/kafka-cluster.yaml

@@ -0,0 +1,46 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+  name: kafka-cluster
+  namespace: kafka
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  kafka:
+    version: 3.7.0
+    metadataVersion: 3.7-IV4
+
+    listeners:
+      - name: internal
+        port: 9092
+        type: internal
+        tls: false
+
+    config:
+      num.partitions: 1 # PROD: 3
+      default.replication.factor: 1 # PROD: 3
+      min.insync.replicas: 1 # PROD: 2
+
+      offsets.topic.replication.factor: 1 # PROD: 3
+      transaction.state.log.replication.factor: 1 # PROD: 3
+      transaction.state.log.min.isr: 1 # PROD: 2
+
+      log.retention.hours: 24 # PROD: 168
+      log.segment.bytes: 1073741824
+
+      auto.create.topics.enable: true # DEV: true, PROD: false
+
+    resources:
+      requests:
+        cpu: "1"
+        memory: 4Gi
+      limits:
+        cpu: "2"
+        memory: 8Gi
+
+  kraft:
+    enabled: true
+
+  entityOperator:
+    topicOperator: {}
+    userOperator: {}

dev/kafka/kafka-cluster.yaml

@@ -1,39 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: Kafka
-metadata:
-  name: kafka-dev
-  namespace: kafka
-  annotations:
-    strimzi.io/node-pools: enabled
-    strimzi.io/kraft: enabled
-spec:
-  kafka:
-    version: 4.1.1
-    metadataVersion: 4.1-IV0
-    listeners:
-      - name: plain
-        port: 9092
-        type: internal
-        tls: false
-      - name: external
-        port: 9094
-        type: nodeport
-        tls: false
-        configuration:
-          bootstrap:
-            nodePort: 30092
-          brokers:
-            - broker: 0
-              nodePort: 30093
-              advertisedHost: localhost   # Required for Docker Desktop
-              advertisedPort: 30093
-    config:
-      offsets.topic.replication.factor: 1
-      transaction.state.log.replication.factor: 1
-      transaction.state.log.min.isr: 1
-      default.replication.factor: 1
-      min.insync.replicas: 1
-      auto.create.topics.enable: false  # Production best practice
-  entityOperator:
-    topicOperator: {}
-    userOperator: {}

dev/kafka/kafka-nodepool.yaml

@@ -1,21 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaNodePool
-metadata:
-  name: dual-role
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-dev
-spec:
-  replicas: 1
-  roles:
-    - controller
-    - broker
-  storage:
-    type: ephemeral  # Use persistent-claim for production
-  resources:
-    requests:
-      memory: 512Mi   # Works on 8GB machines
-      cpu: 200m
-    limits:
-      memory: 1Gi     # Increase to 2Gi for 16GB+ machines
-      cpu: 500m

dev/kafka/kafka-topic.yaml

@@ -1,13 +0,0 @@
-apiVersion: kafka.strimzi.io/v1
-kind: KafkaTopic
-metadata:
-  name: task-events
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-dev
-spec:
-  partitions: 3
-  replicas: 1
-  config:
-    retention.ms: "604800000"  # 7 days
-    cleanup.policy: delete

dev/kafka/kafka-user.yaml

@@ -1,18 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
-  name: app-user
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-dev
-spec:
-  authentication:
-    type: tls
-  authorization:
-    type: simple
-    acls:
-      - resource:
-          type: topic
-          name: orders
-          patternType: literal
-        operation: Read

dev/kafka/namespace.yaml

@@ -1,4 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: kafka
+  name: kafka
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"

dev/kafka/nodepools/kafka-nodepool.yaml

@@ -0,0 +1,31 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaNodePool
+metadata:
+  name: dev-brokers
+  namespace: kafka
+  labels:
+    strimzi.io/cluster: kafka-cluster
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  replicas: 1   # DEV: nur 1 Pod
+  roles:
+    - broker
+    - controller
+
+  resources:
+    requests:
+      cpu: "500m"
+      memory: 2Gi
+    limits:
+      cpu: "1"
+      memory: 4Gi
+
+  storage:
+    type: jbod
+    volumes:
+      - id: 0
+        type: persistent-claim
+        size: 10Gi
+        deleteClaim: true
+        class: standard   # ggf. anpassen!

dev/kafka/topics/kafka-topic.yaml

@@ -0,0 +1,15 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: task-events
+  namespace: kafka
+  labels:
+    strimzi.io/cluster: kafka-cluster
+  annotations:
+    argocd.argoproj.io/sync-wave: "3"
+spec:
+  partitions: 1 # DEV: 1 PROD: 3
+  replicas: 1 # DEV: 1 PROD: <= Broker-Anzahl
+  config:
+    retention.ms: 86400000 # DEV: 86400000 (24h) PROD: "604800000"  # 7 days
+    cleanup.policy: delete

dev/kafka/users/kafka-user.yaml

@@ -0,0 +1,30 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: app-user
+  namespace: kafka
+  labels:
+    strimzi.io/cluster: kafka-cluster
+  annotations:
+    argocd.argoproj.io/sync-wave: "3"
+spec:
+  authentication:
+    type: tls
+  authorization:
+    type: simple
+    acls:
+      - resource:
+          type: topic
+          name: orders
+          patternType: literal
+        operation:
+          - Read
+          - Write
+          - Describe
+
+      - resource:
+          type: group
+          name: app-consumers
+          patternType: literal
+        operation:
+          - Read

dev/platform/kafka.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: https://gitea.vhn-demo.duckdns.org/devops-infra.git
+    repoURL: https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git
     targetRevision: HEAD
     path: manifests/kafka
   destination:

dev/platform/strimzi/clusterrole.yaml

@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: strimzi-cluster-operator
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+rules:
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["*"]

dev/platform/strimzi/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: strimzi-cluster-operator
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+subjects:
+  - kind: ServiceAccount
+    name: strimzi-cluster-operator
+    namespace: strimzi
+roleRef:
+  kind: ClusterRole
+  name: strimzi-cluster-operator
+  apiGroup: rbac.authorization.k8s.io

dev/platform/strimzi/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: strimzi-cluster-operator
+  namespace: strimzi
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: strimzi-cluster-operator
+  template:
+    metadata:
+      labels:
+        name: strimzi-cluster-operator
+    spec:
+      serviceAccountName: strimzi-cluster-operator
+      containers:
+        - name: strimzi-cluster-operator
+          image: quay.io/strimzi/operator:0.39.0
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: STRIMZI_NAMESPACE
+              value: "*"
+            - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS
+              value: "120000"
+            - name: STRIMZI_OPERATION_TIMEOUT_MS
+              value: "300000"
+            - name: STRIMZI_LOG_LEVEL
+              value: INFO
+          resources:
+            requests:
+              cpu: 200m
+              memory: 256Mi
+            limits:
+              cpu: 1
+              memory: 512Mi

dev/platform/strimzi/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: strimzi
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"

dev/platform/strimzi/serviceaccount.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: strimzi-cluster-operator
+  namespace: strimzi
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"