eric-sap
commented
1 year ago I learned something less than thrilling about this today. if I set the KAFKA_TLS_CA to this string in the kminion deployment:
- name: KAFKA_TLS_CA
value: 45,45,45,45,45,66,69,71,73,78,32,67,69,82,84,73, ...Where those numbers are literally the byte-values of every single character in the string "-----BEGIN CERTIFICATE-----
MIIGD ....." .... then it works.
(Yes, that's a 7,000-character-plus environment variable I've got in my deployment)
I traced through how the code in mitchellh/mapstructure/mapstructure.go::decode() ends up in a case reflect.Uint: err = d.decodeUint(name, input, outVal) (the technical reason for the error you're seeing), and it has something to do with the fact that in the TLSConfig part of the Kafka config in the main config struct defines
Ca []byte `koanf:"ca"`The koanf processing is using reflection to figure out the type but it thinks it's just "byte" and doesn't care about the array ... unless you manually provide an array via the impressive CSV shown.
I'm not familiar enough with any of this to say that this is or isn't functioning as intended, I just thought I'd share the results of my manual code tracing in this area.
TheMeier
In https://github.com/redpanda-data/kminion/pull/147/files a feature was introduced to ad ca, cert, key as inline config. I am unable to use this feature. Anytime something is configured here the following error is logged: