Add optional Credentials to nats-kafka (#845)

* Add optional userCredentials to nats-kafka * Add nats-kafka credentials key and name * Update nats-kafka readme to include nats credential usecase * Update helm/charts/nats-kafka/templates/configmap.yaml Co-authored-by: Caleb Lloyd <2414837+caleblloyd@users.noreply.github.com> * Update helm/charts/nats-kafka/templates/deployment.yaml Co-authored-by: Caleb Lloyd <2414837+caleblloyd@users.noreply.github.com> * Update helm/charts/nats-kafka/templates/deployment.yaml Co-authored-by: Caleb Lloyd <2414837+caleblloyd@users.noreply.github.com> * bump patch version * Add nats kafka values credentials clarity --------- Co-authored-by: Caleb Lloyd <2414837+caleblloyd@users.noreply.github.com>
nats-io · Dec 14, 2023 · f3ba282 · f3ba282
1 parent 0760c47
commit f3ba282
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 1 deletion.
diff --git a/helm/charts/nats-kafka/Chart.yaml b/helm/charts/nats-kafka/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-version: 0.15.2
+version: 0.15.3
 appVersion: 1.4.2
 type: application
 name: nats-kafka

diff --git a/helm/charts/nats-kafka/README.md b/helm/charts/nats-kafka/README.md
@@ -96,3 +96,31 @@ natskafka:
       topic: bar
       subject: baz
 ```
+
+**Using Nats Credentials**
+
+If you need a nats credential for authentication:
+
+```yaml
+natskafka:
+  nats:
+    servers:
+      - "nats://1.2.3.4:4222"
+    credentials:
+      secret:
+        name: nats-sys-creds
+        key: sys.creds
+  connect:
+    - type: "NATSToKafka"
+      brokers:
+        - "1.2.3.4:9092"
+      id: whizz
+      topic: bar
+      subject: bang
+    - type: "KafkaToNATS"
+      brokers:
+        - "1.2.3.4:9092"
+      id: foo
+      topic: bar
+      subject: baz
+```
diff --git a/helm/charts/nats-kafka/templates/configmap.yaml b/helm/charts/nats-kafka/templates/configmap.yaml
@@ -27,6 +27,9 @@ data:
       ConnectTimeout: {{ .Values.natskafka.nats.connectTimeout }},
       MaxReconnects: {{ .Values.natskafka.nats.maxReconnects }},
       ReconnectWait: {{ .Values.natskafka.nats.reconnectWait }},
+      {{- with .Values.natskafka.nats.credentials }}
+      UserCredentials: /etc/nats-kafka/creds/{{ .secret.key }},
+      {{- end }}
     }
 
     {{ if or .Values.natskafka.monitoring.httpPort .Values.natskafka.monitoring.httpsPort }}

diff --git a/helm/charts/nats-kafka/templates/deployment.yaml b/helm/charts/nats-kafka/templates/deployment.yaml
@@ -36,6 +36,11 @@ spec:
               mountPath: /etc/nats-kafka/tls
               readOnly: true
             {{ end }}
+            {{- if .Values.natskafka.nats.credentials }}
+            - name: creds-volume
+              mountPath: /etc/nats-kafka/creds
+              readOnly: true
+            {{- end }}
             {{- if .Values.natskafka.additionalVolumeMounts }}
               {{- toYaml .Values.natskafka.additionalVolumeMounts | nindent 12 }}
             {{- end }}
@@ -83,6 +88,11 @@ spec:
           secret:
             secretName: {{ .Values.natskafka.monitoring.tls.secret }}
         {{ end }}
+        {{- with .Values.natskafka.nats.credentials }}
+        - name: creds-volume
+          secret:
+            secretName: {{ .secret.name }}
+        {{- end }}
         {{- if .Values.natskafka.additionalVolumes }}
           {{- toYaml .Values.natskafka.additionalVolumes | nindent 8 }}
         {{- end }}
diff --git a/helm/charts/nats-kafka/values.yaml b/helm/charts/nats-kafka/values.yaml
@@ -64,4 +64,12 @@ natskafka:
     connectTimeout: 5000
     maxReconnects: 120
     reconnectWait: 5000
+
+    # The credentials file to load in to connect to the NATS Server.
+    #
+    # credentials:
+    #   secret:
+    #     name: nats-sys-creds
+    #     key: sys.creds
+
   connect: []