Update use-existing-kafka.md (#1056)

vmware-archive · Jul 2, 2019 · e668da7 · e668da7
1 parent 4f605f6
commit e668da7
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/docs/use-existing-kafka.md b/docs/use-existing-kafka.md
@@ -171,3 +171,49 @@ When using SSL to secure kafka communication, you must set `KAFKA_ENABLE_TLS`, a
 * `KAFKA_CACERTS` to check server certificate
 * `KAFKA_CERT` and `KAFKA_KEY` to check client certificate
 * `KAFKA_INSECURE` to skip TLS verfication
+
+Example for Kafka controller deployments using TLS
+
+`Prerequisite` : Create secrets to hold certificates and keys.
+
+```yaml
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    kubeless: kafka-trigger-controller
+  name: kafka-trigger-controller
+  namespace: kubeless
+spec:
+  selector:
+    matchLabels:
+      kubeless: kafka-trigger-controller
+  template:
+    metadata:
+      labels:
+        kubeless: kafka-trigger-controller
+    spec:
+      volumes:
+      - name: kafka-volume
+        secret:
+          secretName: certs-and-keys-secret # REPLACE WITH SECRET HOLDING CERTS AND KEYS
+      containers:
+      - image: bitnami/kafka-trigger-controller:latest
+        imagePullPolicy: IfNotPresent
+        name: kafka-trigger-controller
+        volumeMounts:
+        - name: kafka-volume
+          mountPath: /path/to/certsandkeys
+        env:
+        ...
+        - name: KAFKA_ENABLE_TLS
+          value: "true" # ENABLE TLS
+        - name: KAFKA_CACERTS
+          value: "/path/to/certsandkeys/ca.crt" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+        - name: KAFKA_CERT
+          value: "/path/to/certsandkeys/cert.pem" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+        - name: KAFKA_KEY
+          value: "/path/to/certsandkeys/key.pem" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+...
+```