refactor: upgrade container image from bitnami to self-built version

1. Refactored the coordination logic to replace bitnami with the new image coordination requirements.
2. Added e2e tests to ensure the stability and correctness of the refactored code across different scenarios.
3. Extracted the config, security, and listener modules from the original logic to improve code maintainability and extensibility.

This refactoring not only adapts to the new image coordination logic but also enhances the robustness and modularity of the code, laying a solid foundation for future feature extensions and maintenance.

.chainsaw.yaml

@@ -5,10 +5,10 @@ metadata:
 spec:
   timeouts:
     apply: 120s
-    assert: 120s
+    assert: 240s
     cleanup: 120s
-    delete: 120s
+    delete: 240s
     error: 120s
     exec: 45s
-  skipDelete: false
+  skipDelete: true
   failFast: true

.github/workflows/e2e.yml

@@ -0,0 +1,37 @@
+# e2e test
+
+name: e2e-test
+
+on: ['push', 'pull_request']
+
+jobs:
+  chainsaw-test:
+    name: Chainsaw Test
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        k8s-version: ['1.26.14', '1.27.11']
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v4
+      with:
+        go-version: '1.22'
+        cache: false
+    - name: Create KinD cluster
+      env:
+        KINDTEST_K8S_VERSION: ${{ matrix.k8s-version}}
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+      run: make kind-create
+    - name: Chainsaw test setup
+      env:
+        KINDTEST_K8S_VERSION: ${{ matrix.k8s-version }}
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+      run: make chainsaw-setup
+    - name: Test with Chainsaw
+      env:
+        KINDTEST_K8S_VERSION: ${{ matrix.k8s-version }}
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+      run: make chainsaw-test

.gitignore

@@ -5,7 +5,8 @@
 *.dll
 *.so
 *.dylib
-bin/*
+bin
+testbin/*
 Dockerfile.cross
 
 # Test binary, build with `go test -c`
@@ -20,17 +21,142 @@ Dockerfile.cross
 
 # editor and IDE paraphernalia
 .idea
-.vscode
 *.swp
 *.swo
 *~
 
-bundle.Dockerfile
+### VisualStudioCode template
+.vscode
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### JetBrains template
+.idea
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Linux template
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### Windows template
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+### macOS template
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# olm
 bundle
+bundle.Dockerfile
 
 kind-kubeconfig*
-kind-config-local*
-
-# catalog
+kind-config-local.yaml
+catalog.Dockerfile
 catalog
-catalog.Dockerfile
+
+# test
+ginkgo.report
+cover.out
+cmd/__debug*
+
+# ai code local
+.codiumai.toml
+
+

Makefile

@@ -347,6 +347,7 @@ KIND_IMAGE ?= kindest/node:v${KINDTEST_K8S_VERSION}
 
 KIND_KUBECONFIG ?= ./kind-kubeconfig-$(KINDTEST_K8S_VERSION)
 KIND_CLUSTER_NAME ?= ${PROJECT_NAME}-$(KINDTEST_K8S_VERSION)
+KIND_CONFIG ?= test/e2e/kind-config.yaml
 
 .PHONY: kind
 KIND = $(LOCALBIN)/kind
@@ -364,12 +365,11 @@ endif
 endif
 
 OLM_VERSION ?= v0.28.0
-KIND_CONFIG ?= test/e2e/kind-config.yaml
 
 # Create a kind cluster, install ingress-nginx, and wait for it to be available.
 .PHONY: kind-create
 kind-create: kind ## Create a kind cluster.
-	$(KIND) create cluster --config $(KIND_CONFIG) --image $(KIND_IMAGE) --name $(KIND_CLUSTER_NAME) --kubeconfig $(KIND_KUBECONFIG) --wait 120s
+	$(KIND) create cluster --config $(KIND_CONFIG)  --image $(KIND_IMAGE) --name $(KIND_CLUSTER_NAME) --kubeconfig $(KIND_KUBECONFIG) --wait 120s
 	KUBECONFIG=$(KIND_KUBECONFIG) make kind-setup
 
 .PHONY: kind-setup
@@ -419,6 +419,7 @@ chainsaw-setup: manifests kustomize ## Run the chainsaw setup
 chainsaw-test: chainsaw ## Run the chainsaw test
 	$(CHAINSAW) test --cluster cluster-1=$(KIND_KUBECONFIG) --test-dir ./test/e2e
 
+
 .PHONY: chainsaw-cleanup
 chainsaw-cleanup: manifests kustomize ## Run the chainsaw cleanup
 	KUBECONFIG=$(KIND_KUBECONFIG) make undeploy

api/v1alpha1/kafkacluster_types.go

@@ -29,21 +29,37 @@ const (
 )
 
 const (
-	KafkaPortName    = "kafka"
-	InternalPortName = "internal"
+	ClientPortName       = "kafka"
+	SecureClientPortName = "kafka-tls"
+	InternalPortName     = "internal"
+	MetricsPortName      = "metrics"
 
-	KafkaClientPort           = 9092
+	ClientPort                = 9092
+	SecurityClientPort        = 9093
 	InternalPort              = 19092
+	SecurityInternalPort      = 19093
+	MetricsPort               = 9606
 	PodSvcClientNodePortMin   = 30092
 	PodSvcInternalNodePortMin = 31092
 )
 
-type SslPolicy string
-
 const (
-	SslPolicyNone     SslPolicy = "none"
-	SslPolicyOptional SslPolicy = "requested"
-	SslPolicyRequired SslPolicy = "required"
+	ImageRepository = "docker.stackable.tech/stackable/kafka"
+	ImageTag        = "3.7.1-stackable24.7.0"
+	ImagePullPolicy = corev1.PullAlways
+
+	KubedoopKafkaDataDirName = "data" // kafka log dirs
+	KubedoopLogConfigDirName = "log-config"
+	KubedoopConfigDirName    = "config"
+	KubedoopTmpDirName       = "tmp"
+	KubedoopLogDirName       = "log"
+
+	KubedoopRoot         = "/stackable"
+	KubedoopTmpDir       = KubedoopRoot + "/tmp"
+	KubedoopDataDir      = KubedoopRoot + "/data"
+	KubedoopConfigDir    = KubedoopRoot + "/config"
+	KubedoopLogConfigDir = KubedoopRoot + "/log_config"
+	KubedoopLogDir       = KubedoopRoot + "/log"
 )
 
 //+kubebuilder:object:root=true
@@ -73,18 +89,18 @@ type KafkaClusterSpec struct {
 	Image *ImageSpec `json:"image,omitempty"`
 
 	// +kubebuilder:validation:Required
-	ClusterConfigSpec *ClusterConfigSpec `json:"clusterConfig,omitempty"`
+	ClusterConfig *ClusterConfigSpec `json:"clusterConfig,omitempty"`
 
 	// +kubebuilder:validation:Required
 	Brokers *BrokersSpec `json:"brokers,omitempty"`
 }
 
 type ImageSpec struct {
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default=bitnami/kafka
+	// +kubebuilder:default="docker.stackable.tech/stackable/kafka"
 	Repository string `json:"repository,omitempty"`
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default:="3.7.0-debian-12-r2"
+	// +kubebuilder:default="3.7.1-stackable24.7.0"
 	Tag string `json:"tag,omitempty"`
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default:=IfNotPresent
@@ -99,12 +115,43 @@ type ClusterConfigSpec struct {
 	// +kubebuilder:default:="cluster.local"
 	ClusterDomain string `json:"clusterDomain,omitempty"`
 
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default:=1
-	DfsReplication int32 `json:"dfsReplication,omitempty"`
+	Tls *TlsSpec `json:"tls,omitempty"`
 
 	// +kubebuilder:validation:required
-	ZookeeperDiscoveryZNode string `json:"zookeeperDiscoveryZNode,omitempty"`
+	ZookeeperConfigMapName string `json:"zookeeperConfigMapName,omitempty"`
+}
+
+type TlsSpec struct {
+	// The SecretClass to use for internal broker communication. Use mutual verification between brokers (mandatory).
+	// This setting controls: - Which cert the brokers should use to authenticate themselves against other brokers -
+	// Which ca.crt to use when validating the other brokers Defaults to tls
+	//
+	// +kubebuilder:validation:Optional
+	ServerSecretClass string `json:"serverSecretClass,omitempty"`
+	//The SecretClass to use for client connections. This setting controls: - If TLS encryption is used at all -
+	//Which cert the servers should use to authenticate themselves against the client Defaults to tls.
+	//
+	// +kubebuilder:validation:Optional
+	InternalSecretClass string `json:"internalSecretClass,omitempty"`
+
+	// todo: use secret resource
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default="chageit"
+	SSLStorePassword string `json:"sslStorePassword,omitempty"`
+}
+
+type KafkaAuthenticationSpec struct {
+	/*
+	 *	 ## TLS provider
+	 *
+	 *	 Only affects client connections. This setting controls:
+	 *	 - If clients need to authenticate themselves against the broker via TLS
+	 *	 - Which ca.crt to use when validating the provided client certs
+	 *
+	 *	 This will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`.
+	 */
+	// +kubebuilder:validation:Optional
+	AuthenticationClass string `json:"authenticationClass,omitempty"`
 }
 
 type BrokersSpec struct {
@@ -183,26 +230,7 @@ type BrokersConfigSpec struct {
 
 	// +kubebuilder:validation:Optional
 	Logging *BrokersContainerLoggingSpec `json:"logging,omitempty"`
-
-	// +kubebuilder:validation:Optional
-	Ssl *SslSpec `json:"ssl,omitempty"`
-}
-
-type SslSpec struct {
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled,omitempty"`
-
-	// +kubebuilder:validation:Optional
-	JksPassword string `json:"jksPassword,omitempty"`
-
-	// whatever secret csi key store format is, key store type in kafka is JKS always, so ignore it here
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:validation:Enum=PKCS12;PEM;JKS;KERBEROS
-	// +kubebuilder:default:="PKCS12"
-	//StoreType string `json:"storeType,omitempty"`
 }
-
 type BrokersContainerLoggingSpec struct {
 	// +kubebuilder:validation:Optional
 	Broker *LoggingConfigSpec `json:"broker,omitempty"`

api/v1alpha1/logger.go

@@ -1,9 +1,10 @@
 package v1alpha1
 
-//type LoggingSpec struct {
-//	// +kubebuilder:validation:Optional
-//	Containers *ContainerLoggingSpec `json:"containers,omitempty"`
-//}
+//	type LoggingSpec struct {
+//		// +kubebuilder:validation:Optional
+//		Containers *ContainerLoggingSpec `json:"containers,omitempty"`
+//	}
+const RootLogger string = "ROOT"
 
 type LoggingConfigSpec struct {
 	// +kubebuilder:validation:Optional