WIP: Adding first round for TLS API

[matzew]

Signed-off-by: Matthias Wessendorf mwessend@redhat.com

This is work in progress, and needs a bit more of polishing... Details below:

Proposed Changes

• Adding authConfig duck API shime, (accepting Secret for global TLS config)
• We use a real API but stash the referenced secret globally, due to the nature of this channel. (broker URLs are also global)

Usage

Assuming some TLS Kafka (e.g. strimzi), the usage goes like:

Create tls secret in your namesapce. Below we leverage the settings from Strimzi:

STRIMZI_CRT=$(k -n kafka get secret my-cluster-cluster-ca-cert --template='{{index .data "ca.crt"}}' | base64 --decode )
TLSUSER_CRT=$(k -n kafka get secret my-user --template='{{index .data "user.crt"}}' | base64 --decode )
TLSUSER_KEY=$(k -n kafka get secret my-user --template='{{index .data "user.key"}}' | base64 --decode )

kubectl create secret --namespace default generic my-tls-secret \
    --from-literal=ca.crt="$STRIMZI_CRT" \
    --from-literal=user.crt="$TLSUSER_CRT" \
    --from-literal=user.key="$TLSUSER_KEY" \

And create the channel like:

apiVersion: messaging.knative.dev/v1beta1
kind: KafkaChannel
metadata:
  name: kafka-channel-oney
  namespace: default
spec:
  auth:
    apiVersion: v1
    kind: Secret
    name: my-tls-secret
    namespace: default

Follow up

• proper KafkaConfig and/or KafkaAuthConfig CRDs, to be commonly reused with all things Kafka.
• Or some generic AuthConfig duck, where each component (e.g. the Rabbit broker, GCP channel, etc) can have specifics

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[kafka/OWNERS](https://github.com/knative/eventing-contrib/blob/release-0.18/kafka/OWNERS)~~ [matzew] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[knative-metrics-robot]

The following is the coverage report on the affected files. Say /test pull-knative-eventing-contrib-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
kafka/channel/pkg/apis/messaging/v1alpha1/kafka_channel_conversion.go	Do not exist	92.9%
kafka/channel/pkg/apis/messaging/v1alpha1/kafka_channel_types.go	Do not exist	100.0%
kafka/channel/pkg/apis/messaging/v1alpha1/kafka_channel_validation.go	Do not exist	92.0%
kafka/channel/pkg/apis/messaging/v1beta1/kafka_channel_types.go	Do not exist	100.0%
kafka/channel/pkg/apis/messaging/v1beta1/kafka_channel_validation.go	Do not exist	91.7%
kafka/channel/pkg/reconciler/controller/resources/client.go	Do not exist	0.0%
kafka/channel/pkg/utils/util.go	Do not exist	59.4%

[knative-prow-robot]

@matzew: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-knative-eventing-contrib-go-coverage	f8de16299503c0b459aa78ca79426a5d04a5ddf1	link	/test pull-knative-eventing-contrib-go-coverage
pull-knative-eventing-contrib-unit-tests	f8de16299503c0b459aa78ca79426a5d04a5ddf1	link	/test pull-knative-eventing-contrib-unit-tests
pull-knative-eventing-contrib-build-tests	f8de16299503c0b459aa78ca79426a5d04a5ddf1	link	/test pull-knative-eventing-contrib-build-tests
pull-knative-eventing-contrib-integration-tests	f8de16299503c0b459aa78ca79426a5d04a5ddf1	link	/test pull-knative-eventing-contrib-integration-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[lgtm-com[bot]]

This pull request introduces 1 alert when merging f8de16299503c0b459aa78ca79426a5d04a5ddf1 into 1c669479657b6f4f153b194a6de3d8a44826b63b - view on LGTM.com

new alerts:

• 1 for Useless assignment to local variable

[matzew]

/close

[knative-prow-robot]

@matzew: Closed this PR.

In response to [this](https://github.com/knative/eventing-contrib/pull/1666#issuecomment-726708887): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.