Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow to use tls for kafka #574

Merged
merged 1 commit into from
Jul 27, 2023
Merged

allow to use tls for kafka #574

merged 1 commit into from
Jul 27, 2023

Conversation

Issif
Copy link
Member

@Issif Issif commented Jul 26, 2023

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area config

/area outputs

/area tests

What this PR does / why we need it:

Which issue(s) this PR fixes:

#547

Fixes #

Special notes for your reviewer:

@Issif Issif added this to the 2.28.0 milestone Jul 26, 2023
@poiana poiana added kind/feature New feature or request dco-signoff: yes labels Jul 26, 2023
@poiana poiana requested review from cpanato and fjogeleit July 26, 2023 13:51
@ibice
Copy link
Contributor

ibice commented Jul 27, 2023

@Issif I was about to PR this same feature! ibice@7a3aa25

In my solution, I included support for a custom CA. I suppose you plan to support it in the future since you added it to types.go. I'd be happy to add it once this gets merged.

One question out of curiosity, what's the reason behind this? I understand there isn't any client certificate involved.

falcosidekick/outputs/kafka.go

Line 34 in a5ca9ec

ClientAuth: tls.RequireAndVerifyClientCert,

@Issif Issif changed the title allow to use tls for kafka WIP: allow to use tls for kafka Jul 27, 2023
@Issif
allow to use tls for kafka
599816a 
Signed-off-by: Thomas Labarussias <issif_github@gadz.org>
@Issif
Copy link
Member Author

Issif commented Jul 27, 2023

@Issif I was about to PR this same feature! ibice@7a3aa25

In my solution, I included support for a custom CA. I suppose you plan to support it in the future since you added it to types.go. I'd be happy to add it once this gets merged.

One question out of curiosity, what's the reason behind this? I understand there isn't any client certificate involved.

falcosidekick/outputs/kafka.go

Line 34 in a5ca9ec

ClientAuth: tls.RequireAndVerifyClientCert,

I removed the field for the custom ca, I think this config should be global for all outputs, like we do with the key/certs for mTLS. This is something we could add in 2.29.0, don't want to block the 2.28.0 for that.

For the RequireAndVerifyClientCert it's useless, I removed it, thanks for the notice.

@Issif Issif changed the title WIP: allow to use tls for kafka allow to use tls for kafka Jul 27, 2023
@ibice
Copy link
Contributor

ibice commented Jul 27, 2023

@Issif ok, we can rely on the system CAs for now.

Configuring the CA file globally makes sense. Tell me if you need help, I'll be happy to contribute.

Thanks for the feature!

@Issif
Copy link
Member Author

Issif commented Jul 27, 2023

Your contribution is welcome, you can already work on the subject, I'll just add the 2.29.0 as milestone.

cpanato
cpanato approved these changes Jul 27, 2023
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@poiana poiana added the lgtm label Jul 27, 2023
@poiana
Copy link

poiana commented Jul 27, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, Issif

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link

poiana commented Jul 27, 2023

LGTM label has been added.

Git tree hash: 50a4379ecfcdd650787d277471a69f7fc3ba67a4

@poiana poiana merged commit 01eee81 into master Jul 27, 2023
5 checks passed
@poiana poiana deleted the kafka-allow-tls branch July 27, 2023 14:43
@ibice ibice mentioned this pull request Aug 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@fjogeleit fjogeleit Awaiting requested review from fjogeleit

Assignees

@cpanato cpanato

Labels
approved area/config area/outputs dco-signoff: yes kind/feature New feature or request lgtm size/S
Projects
Falcosidekick 2.x
Status: Done
Milestone
2.28.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Issif @ibice @poiana @cpanato