From c0645eefd5dc75b9e9b002b5dd5b009d39b6fd42 Mon Sep 17 00:00:00 2001
From: Staffan Olsson <staffan@repos.se>
Date: Tue, 1 Aug 2017 06:52:58 +0200
Subject: Starts scripting, but the API call gets 403 for anonymous user

---
 10broker-config.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to '10broker-config.yml')

diff --git a/10broker-config.yml b/10broker-config.yml
index bbf0e44..93bc8f0 100644
--- a/10broker-config.yml
+++ b/10broker-config.yml
@@ -11,6 +11,19 @@ data:
     export KAFKA_BROKER_ID=${HOSTNAME##*-}
     sed -i "s/\${KAFKA_BROKER_ID}/$KAFKA_BROKER_ID/" /etc/kafka/server.properties
 
+    PODNAME=$HOSTNAME
+    NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+    # todo add curl to kafka image, switch to a curl image for init or write the whole lookup in java
+    hash curl 2>/dev/null || { apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install curl -y --no-install-recommends; }
+
+    API=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api
+    AUTH="--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)\""
+
+    curl -s $AUTH $API/namespaces/kafka/pods/$PODNAME -I --fail-early || {
+      echo "Access problems. Could be RBAC."
+    }
+
   server.properties: |-
     # Licensed to the Apache Software Foundation (ASF) under one or more
     # contributor license agreements.  See the NOTICE file distributed with
-- 
cgit v1.2.3