-
Notifications
You must be signed in to change notification settings - Fork 16.8k
[incubator/kafka] SSL support - Disable env from secret when secret is mounted #7693
[incubator/kafka] SSL support - Disable env from secret when secret is mounted #7693
Conversation
f42b54c
to
d243af5
Compare
Signed-off-by: Karol Chrapek <kchrapek@novomatic-tech.com>
d243af5
to
2f574cc
Compare
/assign @benjigoldberg |
/ok-to-test |
@kaarolch this is a nice catch and fix. Thank you for taking the time to submit a patch for this. I agree with you, I can't think of any obvious reason why you would need both and they conflict if used together. LGTM. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: benjigoldberg, kaarolch The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…7693) Signed-off-by: Karol Chrapek <kchrapek@novomatic-tech.com> Signed-off-by: jenkin-x <jicowan@hotmail.com>
…7693) Signed-off-by: Karol Chrapek <kchrapek@novomatic-tech.com> Signed-off-by: Jakob Niggel <info@jakobniggel.de>
…7693) Signed-off-by: Karol Chrapek <kchrapek@novomatic-tech.com>
@kaarolch |
In case anybody wants to setup SSL auth, I have documented the steps on below link |
What this PR does / why we need it:
This PR allow to mount binary files like jkms during kafka deployment. This PR allow you to enable SSL inside kafka with jks. The previous version of charts by default try to read environment variables and also mount files from secret. When the secrets include some binary data container throw error during start:
Because we didn't found any use case when someone needs to mount files from secret and in the same time load it as env. variable, the proposed changes do not add env. variable when mountPath was specified.
After this PR we can use secrets with jks or pem files and configurationOverrides
to enable SSL support.
**Which issue this PR fixes: #3951
Special notes for your reviewer:
If there is a special case why secrests need to be mounted and loaded as env variable we can propose refactoring of secrets section in helm:
When type is defined as file we can skip add env variable. Unfortunately this change broke compatibility with previous version.