Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to provide secrets with authConfig #700

Open
bpereto opened this issue Oct 6, 2023 · 1 comment
Open

How to provide secrets with authConfig #700

bpereto opened this issue Oct 6, 2023 · 1 comment

Comments

@bpereto
Copy link

bpereto commented Oct 6, 2023
edited
Loading

Hi,

I'm trying to use authentication for a java function with the common use of Secrets to store the JWT token needed to access pulsar.

authSecret works

As I understand, the authSecret is legacy.

apiVersion: compute.functionmesh.io/v1alpha1
kind: Function
metadata:
  name: test
  namespace: test
spec:
  className: com.test.Test
  image: streamnative/pulsar-functions-java-runner:2.11.2.9
  forwardSourceMessageProperty: true
  maxPendingAsyncRequests: 1000
  replicas: 1
  maxReplicas: 3
  #logTopic: persistent://test/functions.log
  input:
    topics:
      - persistent://test/test
  resources:
    requests:
      cpu: "100m"
      memory: "1G"
    limits:
      cpu: "2"
      memory: "2G"
  pulsar:
    pulsarConfig: "pulsar-config"
    authSecret: "pulsar-auth"
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: test
  name: pulsar-config
data:
  webServiceURL: https://test:8443
  brokerServiceURL: pulsar+ssl://test:6651
---
apiVersion: v1
data:
  clientAuthenticationParameters: XXX # org.apache.pulsar.client.impl.auth.AuthenticationToken
  clientAuthenticationPlugin: XXX # "token:eyJ..."
kind: Secret
type: Opaque

authConfig doesn't work

either combination of the approaches:

as environment variables

  pulsar:
    pulsarConfig: "pulsar-config"
  secretsMap:
    "clientAuthenticationParameters":
      path: "pulsar-auth"
      key: "clientAuthenticationParameters"
    "clientAuthenticationPlugin":
      path: "pulsar-auth"
      key: "clientAuthenticationPlugin"

authConfig

 pulsar:
   pulsarConfig: "pulsar-config"
   authConfig:
     genericAuth: "pulsar-auth"

apiVersion: compute.functionmesh.io/v1alpha1
kind: Function
metadata:
  name: test
  namespace: test
spec:
  className: com.test.Test
  image: streamnative/pulsar-functions-java-runner:2.11.2.9
  forwardSourceMessageProperty: true
  maxPendingAsyncRequests: 1000
  replicas: 1
  maxReplicas: 3
  #logTopic: persistent://test/functions.log
  input:
    topics:
      - persistent://test/test
  resources:
    requests:
      cpu: "100m"
      memory: "1G"
    limits:
      cpu: "2"
      memory: "2G"
  pulsar:
    pulsarConfig: "pulsar-config"
  secretsMap:
    "clientAuthenticationParameters":
      path: "pulsar-auth"
      key: "clientAuthenticationParameters"
    "clientAuthenticationPlugin":
      path: "pulsar-auth"
      key: "clientAuthenticationPlugin"
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: test
  name: pulsar-config
data:
  webServiceURL: https://test:8443
  brokerServiceURL: pulsar+ssl://test:6651
---
apiVersion: v1
data:
  clientAuthenticationParameters: XXX # org.apache.pulsar.client.impl.auth.AuthenticationToken
  clientAuthenticationPlugin: XXX # "token:eyJ..."
kind: Secret
type: Opaque

I don't want to put the Auth Token into a configmap. How is the correct approach for supplying clientAuthenticationParameters as environment variable from a secret in combination with "authConfig"?
@jiangpengcheng
Copy link
Member

the authConfig cannot be used combined with a secret. You can keep using the authSecret way, it won't be deprecated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bpereto @jiangpengcheng