From e668da7f4dc8cfc2027a08b36278aa5498ba4da6 Mon Sep 17 00:00:00 2001
From: gemanilkashyap <51206588+gemanilkashyap@users.noreply.github.com>
Date: Tue, 2 Jul 2019 08:20:27 +0100
Subject: [PATCH] Update use-existing-kafka.md (#1056)
---
docs/use-existing-kafka.md | 46 ++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/docs/use-existing-kafka.md b/docs/use-existing-kafka.md
index 1571dacb9..1cd557681 100644
--- a/docs/use-existing-kafka.md
+++ b/docs/use-existing-kafka.md
@@ -171,3 +171,49 @@ When using SSL to secure kafka communication, you must set `KAFKA_ENABLE_TLS`, a
 * `KAFKA_CACERTS` to check server certificate
 * `KAFKA_CERT` and `KAFKA_KEY` to check client certificate
 * `KAFKA_INSECURE` to skip TLS verfication
+
+Example for Kafka controller deployments using TLS
+
+`Prerequisite` : Create secrets to hold certificates and keys.
+
+```yaml
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ kubeless: kafka-trigger-controller
+ name: kafka-trigger-controller
+ namespace: kubeless
+spec:
+ selector:
+ matchLabels:
+ kubeless: kafka-trigger-controller
+ template:
+ metadata:
+ labels:
+ kubeless: kafka-trigger-controller
+ spec:
+ volumes:
+ - name: kafka-volume
+ secret:
+ secretName: certs-and-keys-secret # REPLACE WITH SECRET HOLDING CERTS AND KEYS
+ containers:
+ - image: bitnami/kafka-trigger-controller:latest
+ imagePullPolicy: IfNotPresent
+ name: kafka-trigger-controller
+ volumeMounts:
+ - name: kafka-volume
+ mountPath: /path/to/certsandkeys
+ env:
+ ...
+ - name: KAFKA_ENABLE_TLS
+ value: "true" # ENABLE TLS
+ - name: KAFKA_CACERTS
+ value: "/path/to/certsandkeys/ca.crt" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+ - name: KAFKA_CERT
+ value: "/path/to/certsandkeys/cert.pem" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+ - name: KAFKA_KEY
+ value: "/path/to/certsandkeys/key.pem" # CHANGE THIS! (NOTE : PATH HERE MATCHING THE MOUNT PATH ABOVE)
+...
+```