apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't use TLS from function instances to brokers by default (#435)

Browse Source 
- Function instances don't currently have the TLS CA cert available
This commit is contained in:
Lari Hotari 2024-01-17 21:04:43 -08:00 committed by GitHub
parent 9461dfc280
commit 1cb83398c8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
charts/pulsar/templates/broker-configmap.yaml
View File

@ -118,11 +118,10 @@ data:
PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true" PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true"
PF_functionRuntimeFactoryConfigs_jobNamespace: {{ template "pulsar.namespace" . }} PF_functionRuntimeFactoryConfigs_jobNamespace: {{ template "pulsar.namespace" . }}
PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30" PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30"
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/" PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/" PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
{{- end }} {{- else }}
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/" PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/" PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
{{- end }} {{- end }}
@ -134,11 +133,10 @@ data:
PF_kubernetesContainerFactory_installUserCodeDependencies: "true" PF_kubernetesContainerFactory_installUserCodeDependencies: "true"
PF_kubernetesContainerFactory_jobNamespace: {{ template "pulsar.namespace" . }} PF_kubernetesContainerFactory_jobNamespace: {{ template "pulsar.namespace" . }}
PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30" PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30"
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/" PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/" PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
{{- end }} {{- else }}
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/" PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/" PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
{{- end }} {{- end }}

4
charts/pulsar/values.yaml
View File

@ -229,6 +229,10 @@ tls:
# settings for generating certs for toolset # settings for generating certs for toolset
toolset: toolset:
cert_name: tls-toolset cert_name: tls-toolset
# TLS setting for function runtime instance
function_instance:
# controls the use of TLS for function runtime connections towards brokers
enabled: false
# Enable or disable broker authentication and authorization. # Enable or disable broker authentication and authorization.
auth: auth: