Closed oferzi23 closed 3 years ago
eshepelyuk
commented
3 years ago If CMAK supports passing SSL params to its consumer - I can add this to this project, If CMAK doesn't - it would be impossible.
To be clear, are you talking about securing consumer traffic with SSL ?
eshepelyuk
commented
3 years ago According to this issue SSL settings are the same for the all clusters managed by single CMAK instance.
So, I'd advice you to just install several instances of CMAK operator, one for each cluster \ SSL key.
oferzi23
commented
3 years ago well that's the point i made in the initial comment. the old kafka-manager chart did support it and the issue you referenced is exactly the reason i think this was removed but i do need it as my current pattern is to create multiple kafka clusters with 1 certificate created for cmak and allowed in all clusters. so if i PR this feature you have no objection to it?
oferzi23
commented
3 years ago If CMAK supports passing SSL params to its consumer - I can add this to this project, If CMAK doesn't - it would be impossible.
To be clear, are you talking about securing consumer traffic with SSL ?
yes
eshepelyuk
commented
3 years ago Sorry, I still don't understand what do you trying to achieve :( You can pass a certificate to CMAK operator, but only a single one, that will be used for all instances of Kafka configured in CMAK.
oferzi23
commented
3 years ago yes that is what i want
oferzi23
commented
3 years ago currently the chart as far as i can tell does not support it
eshepelyuk
commented
3 years ago Seems I had understood now. There is no possibility of passing customer properties file into CMAK Deployment. Am I right ?
oferzi23
commented
3 years ago yes we will need to add 2 components here. 1 will be a configMap to replace the consumer.properties ate /cmak/conf in the ui container of the deployment. the other component will need to be a secret which will add a truststore and a keystore into the ui container...
eshepelyuk
commented
3 years ago Makes sense @oferzi23 You are welcome to provide a PR if you are ready to implement this feature.
oferzi23
commented
3 years ago already on it PR will be pushed soon...
eshepelyuk
commented
3 years ago Hello @oferzi23 Thanks for your contribution, I've merged your PR #30 and added a linter test. Will you be able to test baseline version of this Helm chart after I release a new version ?
eshepelyuk
commented
3 years ago @oferzi23 released 1.6.0 with your changes, could you please confirm that everything is working fine ?
eshepelyuk
commented
3 years ago Hello @oferzi23 Any feedback on this ?
ii is my understanding that due to the limitations of cmak, which specifies that 1 consumer properties object will apply to all clusters effectively requiring allowing the same certificate across all managed clusters, is not the best solution. i do need this in my implementation. so the question is, can we add this support here and allow passing consumer properties to the chart using it's values. if this is accepted i will add the support on my open fork and open the respective PR. WDYT?