Add support for defining key names used for existing SASL and TSL Secrets #12
Conversation
|
Hello! First off thanks for the quick response. Generating a secret specific to Kafka-Minion is pretty easy to do and I have that scripted right now. Part of the problem I have though is keeping that secret up-to-date. If / when a new cert is issued by Strimzi I need to regenerate the Kafka-Minion secret. Anything short of a controller dedicated to creating that secret (to my knowledge) will require some manual steps which I am trying to avoid. The last piece of the puzzle for avoiding manual steps will be annotating the deployment for Kafka-Minion to tie the deployment to the secret so that when the secret is changed, the Kafka-Minion deployment is rolled. Reloader will handle that. If this change, and another change to support custom annotations for the Kafka-Minion deployment is out of scope, I can work on a different strategy. Thanks for your time. |
README.md
Outdated
| @@ -33,12 +33,18 @@ helm install --name=kafka-minion kafka-minion/kafka-minion | |||
| | `kafka.brokers` | Comma delimited list of brokers to connect to | (none) | | |||
| | `kafka.sasl.enabled` | Bool to enable/disable SASL authentication (only SASL_PLAINTEXT is supported) | `false` | | |||
| | `kafka.sasl.useHandshake` | Whether or not to send the Kafka SASL handshake first | `true` | | |||
| | `kafka.sasl.credentials.existingSecret` | Secretname of an existing secret which contains SASL credentials | (none) | | |||
| | `kafka.sasl.existingSecret` | Secretname of an existing secret which contains SASL credentials | (none) | | |||
| | `kafka.sasl.existing.username` | Keyname of an existing key on an existing secret which contains SASL username | `username` | | |||
There was a problem hiding this comment.
kafka.sasl.existing.usernameKey is more accurate I think? Accordingly for the other property names
There was a problem hiding this comment.
I went back and forth with that naming scheme and what I currently have. I am indifferent. I will update the PR to suffix these new values with Key.
…rets; also fix documentation for SASL and TSL existingSecret paths
|
Suggested changes have been made to the source branch. |
| @@ -33,12 +33,18 @@ helm install --name=kafka-minion kafka-minion/kafka-minion | |||
| | `kafka.brokers` | Comma delimited list of brokers to connect to | (none) | | |||
| | `kafka.sasl.enabled` | Bool to enable/disable SASL authentication (only SASL_PLAINTEXT is supported) | `false` | | |||
| | `kafka.sasl.useHandshake` | Whether or not to send the Kafka SASL handshake first | `true` | | |||
| | `kafka.sasl.credentials.existingSecret` | Secretname of an existing secret which contains SASL credentials | (none) | | |||
| | `kafka.sasl.existingSecret` | Secretname of an existing secret which contains SASL credentials | (none) | | |||
There was a problem hiding this comment.
Unfortunately this is not correct. Apparently I was inconsistent with the naming between the SASL and TLS credentials. I can not merge this because this would be a breaking change :(. I'm sorry
Add support for defining key names used for existing SASL and TSL Secrets. This is useful when the existing secrets are generated from a different system, such as Strimzi.
existingSecretshould be changed to fit under thekafka.{x}.existingpath, but I left it where it is currently at to not break backwards compatibility.Fix documentation for SASL and TSL existingSecret paths. I found that the existing documented paths
kafka.sasl.credentials.existingSecretandkafka.tls.certificates.existingSecretare incorrect and instead should bekafka.sasl.existingSecretandkafka.tls.existingSecretrespectively. These are used within thetemplates/_helpers.tplfile.